projects / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
41 #include <linux/io.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
44
45 #include "b43.h"
46 #include "main.h"
47 #include "debugfs.h"
48 #include "phy.h"
49 #include "nphy.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
62
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
64
65
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69                  "enable(1) / disable(0) Bad Frames Preemption");
70
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
74
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
78
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
82
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
86
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
90
91
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100         SSB_DEVTABLE_END
101 };
102
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
104
105 /* Channel and ratetables are shared for all devices.
106  * They can't be const, because ieee80211 puts some precalculated
107  * data in there. This data is the same for all devices, so we don't
108  * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
110         {                                                               \
111                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
112                 .hw_value       = (_rateid),                            \
113                 .flags          = (_flags),                             \
114         }
115
116 /*
117  * NOTE: When changing this, sync with xmit.c's
118  *       b43_plcp_get_bitrate_idx_* functions!
119  */
120 static struct ieee80211_rate __b43_ratetable[] = {
121         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
133 };
134
135 #define b43_a_ratetable         (__b43_ratetable + 4)
136 #define b43_a_ratetable_size    8
137 #define b43_b_ratetable         (__b43_ratetable + 0)
138 #define b43_b_ratetable_size    4
139 #define b43_g_ratetable         (__b43_ratetable + 0)
140 #define b43_g_ratetable_size    12
141
142 #define CHAN4G(_channel, _freq, _flags) {                       \
143         .band                   = IEEE80211_BAND_2GHZ,          \
144         .center_freq            = (_freq),                      \
145         .hw_value               = (_channel),                   \
146         .flags                  = (_flags),                     \
147         .max_antenna_gain       = 0,                            \
148         .max_power              = 30,                           \
149 }
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
151         CHAN4G(1, 2412, 0),
152         CHAN4G(2, 2417, 0),
153         CHAN4G(3, 2422, 0),
154         CHAN4G(4, 2427, 0),
155         CHAN4G(5, 2432, 0),
156         CHAN4G(6, 2437, 0),
157         CHAN4G(7, 2442, 0),
158         CHAN4G(8, 2447, 0),
159         CHAN4G(9, 2452, 0),
160         CHAN4G(10, 2457, 0),
161         CHAN4G(11, 2462, 0),
162         CHAN4G(12, 2467, 0),
163         CHAN4G(13, 2472, 0),
164         CHAN4G(14, 2484, 0),
165 };
166 #undef CHAN4G
167
168 #define CHAN5G(_channel, _flags) {                              \
169         .band                   = IEEE80211_BAND_5GHZ,          \
170         .center_freq            = 5000 + (5 * (_channel)),      \
171         .hw_value               = (_channel),                   \
172         .flags                  = (_flags),                     \
173         .max_antenna_gain       = 0,                            \
174         .max_power              = 30,                           \
175 }
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177         CHAN5G(32, 0),          CHAN5G(34, 0),
178         CHAN5G(36, 0),          CHAN5G(38, 0),
179         CHAN5G(40, 0),          CHAN5G(42, 0),
180         CHAN5G(44, 0),          CHAN5G(46, 0),
181         CHAN5G(48, 0),          CHAN5G(50, 0),
182         CHAN5G(52, 0),          CHAN5G(54, 0),
183         CHAN5G(56, 0),          CHAN5G(58, 0),
184         CHAN5G(60, 0),          CHAN5G(62, 0),
185         CHAN5G(64, 0),          CHAN5G(66, 0),
186         CHAN5G(68, 0),          CHAN5G(70, 0),
187         CHAN5G(72, 0),          CHAN5G(74, 0),
188         CHAN5G(76, 0),          CHAN5G(78, 0),
189         CHAN5G(80, 0),          CHAN5G(82, 0),
190         CHAN5G(84, 0),          CHAN5G(86, 0),
191         CHAN5G(88, 0),          CHAN5G(90, 0),
192         CHAN5G(92, 0),          CHAN5G(94, 0),
193         CHAN5G(96, 0),          CHAN5G(98, 0),
194         CHAN5G(100, 0),         CHAN5G(102, 0),
195         CHAN5G(104, 0),         CHAN5G(106, 0),
196         CHAN5G(108, 0),         CHAN5G(110, 0),
197         CHAN5G(112, 0),         CHAN5G(114, 0),
198         CHAN5G(116, 0),         CHAN5G(118, 0),
199         CHAN5G(120, 0),         CHAN5G(122, 0),
200         CHAN5G(124, 0),         CHAN5G(126, 0),
201         CHAN5G(128, 0),         CHAN5G(130, 0),
202         CHAN5G(132, 0),         CHAN5G(134, 0),
203         CHAN5G(136, 0),         CHAN5G(138, 0),
204         CHAN5G(140, 0),         CHAN5G(142, 0),
205         CHAN5G(144, 0),         CHAN5G(145, 0),
206         CHAN5G(146, 0),         CHAN5G(147, 0),
207         CHAN5G(148, 0),         CHAN5G(149, 0),
208         CHAN5G(150, 0),         CHAN5G(151, 0),
209         CHAN5G(152, 0),         CHAN5G(153, 0),
210         CHAN5G(154, 0),         CHAN5G(155, 0),
211         CHAN5G(156, 0),         CHAN5G(157, 0),
212         CHAN5G(158, 0),         CHAN5G(159, 0),
213         CHAN5G(160, 0),         CHAN5G(161, 0),
214         CHAN5G(162, 0),         CHAN5G(163, 0),
215         CHAN5G(164, 0),         CHAN5G(165, 0),
216         CHAN5G(166, 0),         CHAN5G(168, 0),
217         CHAN5G(170, 0),         CHAN5G(172, 0),
218         CHAN5G(174, 0),         CHAN5G(176, 0),
219         CHAN5G(178, 0),         CHAN5G(180, 0),
220         CHAN5G(182, 0),         CHAN5G(184, 0),
221         CHAN5G(186, 0),         CHAN5G(188, 0),
222         CHAN5G(190, 0),         CHAN5G(192, 0),
223         CHAN5G(194, 0),         CHAN5G(196, 0),
224         CHAN5G(198, 0),         CHAN5G(200, 0),
225         CHAN5G(202, 0),         CHAN5G(204, 0),
226         CHAN5G(206, 0),         CHAN5G(208, 0),
227         CHAN5G(210, 0),         CHAN5G(212, 0),
228         CHAN5G(214, 0),         CHAN5G(216, 0),
229         CHAN5G(218, 0),         CHAN5G(220, 0),
230         CHAN5G(222, 0),         CHAN5G(224, 0),
231         CHAN5G(226, 0),         CHAN5G(228, 0),
232 };
233
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235         CHAN5G(34, 0),          CHAN5G(36, 0),
236         CHAN5G(38, 0),          CHAN5G(40, 0),
237         CHAN5G(42, 0),          CHAN5G(44, 0),
238         CHAN5G(46, 0),          CHAN5G(48, 0),
239         CHAN5G(52, 0),          CHAN5G(56, 0),
240         CHAN5G(60, 0),          CHAN5G(64, 0),
241         CHAN5G(100, 0),         CHAN5G(104, 0),
242         CHAN5G(108, 0),         CHAN5G(112, 0),
243         CHAN5G(116, 0),         CHAN5G(120, 0),
244         CHAN5G(124, 0),         CHAN5G(128, 0),
245         CHAN5G(132, 0),         CHAN5G(136, 0),
246         CHAN5G(140, 0),         CHAN5G(149, 0),
247         CHAN5G(153, 0),         CHAN5G(157, 0),
248         CHAN5G(161, 0),         CHAN5G(165, 0),
249         CHAN5G(184, 0),         CHAN5G(188, 0),
250         CHAN5G(192, 0),         CHAN5G(196, 0),
251         CHAN5G(200, 0),         CHAN5G(204, 0),
252         CHAN5G(208, 0),         CHAN5G(212, 0),
253         CHAN5G(216, 0),
254 };
255 #undef CHAN5G
256
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258         .band           = IEEE80211_BAND_5GHZ,
259         .channels       = b43_5ghz_nphy_chantable,
260         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261         .bitrates       = b43_a_ratetable,
262         .n_bitrates     = b43_a_ratetable_size,
263 };
264
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266         .band           = IEEE80211_BAND_5GHZ,
267         .channels       = b43_5ghz_aphy_chantable,
268         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269         .bitrates       = b43_a_ratetable,
270         .n_bitrates     = b43_a_ratetable_size,
271 };
272
273 static struct ieee80211_supported_band b43_band_2GHz = {
274         .band           = IEEE80211_BAND_2GHZ,
275         .channels       = b43_2ghz_chantable,
276         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
277         .bitrates       = b43_g_ratetable,
278         .n_bitrates     = b43_g_ratetable_size,
279 };
280
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
285
286 static int b43_ratelimit(struct b43_wl *wl)
287 {
288         if (!wl || !wl->current_dev)
289                 return 1;
290         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
291                 return 1;
292         /* We are up and running.
293          * Ratelimit the messages to avoid DoS over the net. */
294         return net_ratelimit();
295 }
296
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
298 {
299         va_list args;
300
301         if (!b43_ratelimit(wl))
302                 return;
303         va_start(args, fmt);
304         printk(KERN_INFO "b43-%s: ",
305                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306         vprintk(fmt, args);
307         va_end(args);
308 }
309
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
311 {
312         va_list args;
313
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_ERR "b43-%s ERROR: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (!b43_ratelimit(wl))
328                 return;
329         va_start(args, fmt);
330         printk(KERN_WARNING "b43-%s warning: ",
331                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
332         vprintk(fmt, args);
333         va_end(args);
334 }
335
336 #if B43_DEBUG
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         va_start(args, fmt);
342         printk(KERN_DEBUG "b43-%s debug: ",
343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
344         vprintk(fmt, args);
345         va_end(args);
346 }
347 #endif /* DEBUG */
348
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
350 {
351         u32 macctl;
352
353         B43_WARN_ON(offset % 4 != 0);
354
355         macctl = b43_read32(dev, B43_MMIO_MACCTL);
356         if (macctl & B43_MACCTL_BE)
357                 val = swab32(val);
358
359         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
360         mmiowb();
361         b43_write32(dev, B43_MMIO_RAM_DATA, val);
362 }
363
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365                                         u16 routing, u16 offset)
366 {
367         u32 control;
368
369         /* "offset" is the WORD offset. */
370         control = routing;
371         control <<= 16;
372         control |= offset;
373         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
374 }
375
376 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
377 {
378         struct b43_wl *wl = dev->wl;
379         unsigned long flags;
380         u32 ret;
381
382         spin_lock_irqsave(&wl->shm_lock, flags);
383         if (routing == B43_SHM_SHARED) {
384                 B43_WARN_ON(offset & 0x0001);
385                 if (offset & 0x0003) {
386                         /* Unaligned access */
387                         b43_shm_control_word(dev, routing, offset >> 2);
388                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
389                         ret <<= 16;
390                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
391                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
392
393                         goto out;
394                 }
395                 offset >>= 2;
396         }
397         b43_shm_control_word(dev, routing, offset);
398         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
399 out:
400         spin_unlock_irqrestore(&wl->shm_lock, flags);
401
402         return ret;
403 }
404
405 u16 b43_shm_read16(struct b43_wldev * dev, u16 routing, u16 offset)
406 {
407         struct b43_wl *wl = dev->wl;
408         unsigned long flags;
409         u16 ret;
410
411         spin_lock_irqsave(&wl->shm_lock, flags);
412         if (routing == B43_SHM_SHARED) {
413                 B43_WARN_ON(offset & 0x0001);
414                 if (offset & 0x0003) {
415                         /* Unaligned access */
416                         b43_shm_control_word(dev, routing, offset >> 2);
417                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
418
419                         goto out;
420                 }
421                 offset >>= 2;
422         }
423         b43_shm_control_word(dev, routing, offset);
424         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
425 out:
426         spin_unlock_irqrestore(&wl->shm_lock, flags);
427
428         return ret;
429 }
430
431 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
432 {
433         struct b43_wl *wl = dev->wl;
434         unsigned long flags;
435
436         spin_lock_irqsave(&wl->shm_lock, flags);
437         if (routing == B43_SHM_SHARED) {
438                 B43_WARN_ON(offset & 0x0001);
439                 if (offset & 0x0003) {
440                         /* Unaligned access */
441                         b43_shm_control_word(dev, routing, offset >> 2);
442                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
443                                     (value >> 16) & 0xffff);
444                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
445                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
446                         goto out;
447                 }
448                 offset >>= 2;
449         }
450         b43_shm_control_word(dev, routing, offset);
451         b43_write32(dev, B43_MMIO_SHM_DATA, value);
452 out:
453         spin_unlock_irqrestore(&wl->shm_lock, flags);
454 }
455
456 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
457 {
458         struct b43_wl *wl = dev->wl;
459         unsigned long flags;
460
461         spin_lock_irqsave(&wl->shm_lock, flags);
462         if (routing == B43_SHM_SHARED) {
463                 B43_WARN_ON(offset & 0x0001);
464                 if (offset & 0x0003) {
465                         /* Unaligned access */
466                         b43_shm_control_word(dev, routing, offset >> 2);
467                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
468                         goto out;
469                 }
470                 offset >>= 2;
471         }
472         b43_shm_control_word(dev, routing, offset);
473         b43_write16(dev, B43_MMIO_SHM_DATA, value);
474 out:
475         spin_unlock_irqrestore(&wl->shm_lock, flags);
476 }
477
478 /* Read HostFlags */
479 u64 b43_hf_read(struct b43_wldev * dev)
480 {
481         u64 ret;
482
483         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
484         ret <<= 16;
485         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
486         ret <<= 16;
487         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
488
489         return ret;
490 }
491
492 /* Write HostFlags */
493 void b43_hf_write(struct b43_wldev *dev, u64 value)
494 {
495         u16 lo, mi, hi;
496
497         lo = (value & 0x00000000FFFFULL);
498         mi = (value & 0x0000FFFF0000ULL) >> 16;
499         hi = (value & 0xFFFF00000000ULL) >> 32;
500         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
501         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
502         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
503 }
504
505 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
506 {
507         /* We need to be careful. As we read the TSF from multiple
508          * registers, we should take care of register overflows.
509          * In theory, the whole tsf read process should be atomic.
510          * We try to be atomic here, by restaring the read process,
511          * if any of the high registers changed (overflew).
512          */
513         if (dev->dev->id.revision >= 3) {
514                 u32 low, high, high2;
515
516                 do {
517                         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
518                         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
519                         high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
520                 } while (unlikely(high != high2));
521
522                 *tsf = high;
523                 *tsf <<= 32;
524                 *tsf |= low;
525         } else {
526                 u64 tmp;
527                 u16 v0, v1, v2, v3;
528                 u16 test1, test2, test3;
529
530                 do {
531                         v3 = b43_read16(dev, B43_MMIO_TSF_3);
532                         v2 = b43_read16(dev, B43_MMIO_TSF_2);
533                         v1 = b43_read16(dev, B43_MMIO_TSF_1);
534                         v0 = b43_read16(dev, B43_MMIO_TSF_0);
535
536                         test3 = b43_read16(dev, B43_MMIO_TSF_3);
537                         test2 = b43_read16(dev, B43_MMIO_TSF_2);
538                         test1 = b43_read16(dev, B43_MMIO_TSF_1);
539                 } while (v3 != test3 || v2 != test2 || v1 != test1);
540
541                 *tsf = v3;
542                 *tsf <<= 48;
543                 tmp = v2;
544                 tmp <<= 32;
545                 *tsf |= tmp;
546                 tmp = v1;
547                 tmp <<= 16;
548                 *tsf |= tmp;
549                 *tsf |= v0;
550         }
551 }
552
553 static void b43_time_lock(struct b43_wldev *dev)
554 {
555         u32 macctl;
556
557         macctl = b43_read32(dev, B43_MMIO_MACCTL);
558         macctl |= B43_MACCTL_TBTTHOLD;
559         b43_write32(dev, B43_MMIO_MACCTL, macctl);
560         /* Commit the write */
561         b43_read32(dev, B43_MMIO_MACCTL);
562 }
563
564 static void b43_time_unlock(struct b43_wldev *dev)
565 {
566         u32 macctl;
567
568         macctl = b43_read32(dev, B43_MMIO_MACCTL);
569         macctl &= ~B43_MACCTL_TBTTHOLD;
570         b43_write32(dev, B43_MMIO_MACCTL, macctl);
571         /* Commit the write */
572         b43_read32(dev, B43_MMIO_MACCTL);
573 }
574
575 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
576 {
577         /* Be careful with the in-progress timer.
578          * First zero out the low register, so we have a full
579          * register-overflow duration to complete the operation.
580          */
581         if (dev->dev->id.revision >= 3) {
582                 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
583                 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
584
585                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
586                 mmiowb();
587                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
588                 mmiowb();
589                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
590         } else {
591                 u16 v0 = (tsf & 0x000000000000FFFFULL);
592                 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
593                 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
594                 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
595
596                 b43_write16(dev, B43_MMIO_TSF_0, 0);
597                 mmiowb();
598                 b43_write16(dev, B43_MMIO_TSF_3, v3);
599                 mmiowb();
600                 b43_write16(dev, B43_MMIO_TSF_2, v2);
601                 mmiowb();
602                 b43_write16(dev, B43_MMIO_TSF_1, v1);
603                 mmiowb();
604                 b43_write16(dev, B43_MMIO_TSF_0, v0);
605         }
606 }
607
608 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
609 {
610         b43_time_lock(dev);
611         b43_tsf_write_locked(dev, tsf);
612         b43_time_unlock(dev);
613 }
614
615 static
616 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
617 {
618         static const u8 zero_addr[ETH_ALEN] = { 0 };
619         u16 data;
620
621         if (!mac)
622                 mac = zero_addr;
623
624         offset |= 0x0020;
625         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
626
627         data = mac[0];
628         data |= mac[1] << 8;
629         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
630         data = mac[2];
631         data |= mac[3] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[4];
634         data |= mac[5] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636 }
637
638 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
639 {
640         const u8 *mac;
641         const u8 *bssid;
642         u8 mac_bssid[ETH_ALEN * 2];
643         int i;
644         u32 tmp;
645
646         bssid = dev->wl->bssid;
647         mac = dev->wl->mac_addr;
648
649         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
650
651         memcpy(mac_bssid, mac, ETH_ALEN);
652         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
653
654         /* Write our MAC address and BSSID to template ram */
655         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
656                 tmp = (u32) (mac_bssid[i + 0]);
657                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
658                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
659                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
660                 b43_ram_write(dev, 0x20 + i, tmp);
661         }
662 }
663
664 static void b43_upload_card_macaddress(struct b43_wldev *dev)
665 {
666         b43_write_mac_bssid_templates(dev);
667         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
668 }
669
670 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
671 {
672         /* slot_time is in usec. */
673         if (dev->phy.type != B43_PHYTYPE_G)
674                 return;
675         b43_write16(dev, 0x684, 510 + slot_time);
676         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
677 }
678
679 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
680 {
681         b43_set_slot_time(dev, 9);
682         dev->short_slot = 1;
683 }
684
685 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
686 {
687         b43_set_slot_time(dev, 20);
688         dev->short_slot = 0;
689 }
690
691 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
692  * Returns the _previously_ enabled IRQ mask.
693  */
694 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
695 {
696         u32 old_mask;
697
698         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
699         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
700
701         return old_mask;
702 }
703
704 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
705  * Returns the _previously_ enabled IRQ mask.
706  */
707 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
708 {
709         u32 old_mask;
710
711         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
712         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
713
714         return old_mask;
715 }
716
717 /* Synchronize IRQ top- and bottom-half.
718  * IRQs must be masked before calling this.
719  * This must not be called with the irq_lock held.
720  */
721 static void b43_synchronize_irq(struct b43_wldev *dev)
722 {
723         synchronize_irq(dev->dev->irq);
724         tasklet_kill(&dev->isr_tasklet);
725 }
726
727 /* DummyTransmission function, as documented on
728  * http://bcm-specs.sipsolutions.net/DummyTransmission
729  */
730 void b43_dummy_transmission(struct b43_wldev *dev)
731 {
732         struct b43_wl *wl = dev->wl;
733         struct b43_phy *phy = &dev->phy;
734         unsigned int i, max_loop;
735         u16 value;
736         u32 buffer[5] = {
737                 0x00000000,
738                 0x00D40000,
739                 0x00000000,
740                 0x01000000,
741                 0x00000000,
742         };
743
744         switch (phy->type) {
745         case B43_PHYTYPE_A:
746                 max_loop = 0x1E;
747                 buffer[0] = 0x000201CC;
748                 break;
749         case B43_PHYTYPE_B:
750         case B43_PHYTYPE_G:
751                 max_loop = 0xFA;
752                 buffer[0] = 0x000B846E;
753                 break;
754         default:
755                 B43_WARN_ON(1);
756                 return;
757         }
758
759         spin_lock_irq(&wl->irq_lock);
760         write_lock(&wl->tx_lock);
761
762         for (i = 0; i < 5; i++)
763                 b43_ram_write(dev, i * 4, buffer[i]);
764
765         /* Commit writes */
766         b43_read32(dev, B43_MMIO_MACCTL);
767
768         b43_write16(dev, 0x0568, 0x0000);
769         b43_write16(dev, 0x07C0, 0x0000);
770         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
771         b43_write16(dev, 0x050C, value);
772         b43_write16(dev, 0x0508, 0x0000);
773         b43_write16(dev, 0x050A, 0x0000);
774         b43_write16(dev, 0x054C, 0x0000);
775         b43_write16(dev, 0x056A, 0x0014);
776         b43_write16(dev, 0x0568, 0x0826);
777         b43_write16(dev, 0x0500, 0x0000);
778         b43_write16(dev, 0x0502, 0x0030);
779
780         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
781                 b43_radio_write16(dev, 0x0051, 0x0017);
782         for (i = 0x00; i < max_loop; i++) {
783                 value = b43_read16(dev, 0x050E);
784                 if (value & 0x0080)
785                         break;
786                 udelay(10);
787         }
788         for (i = 0x00; i < 0x0A; i++) {
789                 value = b43_read16(dev, 0x050E);
790                 if (value & 0x0400)
791                         break;
792                 udelay(10);
793         }
794         for (i = 0x00; i < 0x0A; i++) {
795                 value = b43_read16(dev, 0x0690);
796                 if (!(value & 0x0100))
797                         break;
798                 udelay(10);
799         }
800         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
801                 b43_radio_write16(dev, 0x0051, 0x0037);
802
803         write_unlock(&wl->tx_lock);
804         spin_unlock_irq(&wl->irq_lock);
805 }
806
807 static void key_write(struct b43_wldev *dev,
808                       u8 index, u8 algorithm, const u8 * key)
809 {
810         unsigned int i;
811         u32 offset;
812         u16 value;
813         u16 kidx;
814
815         /* Key index/algo block */
816         kidx = b43_kidx_to_fw(dev, index);
817         value = ((kidx << 4) | algorithm);
818         b43_shm_write16(dev, B43_SHM_SHARED,
819                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
820
821         /* Write the key to the Key Table Pointer offset */
822         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
823         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
824                 value = key[i];
825                 value |= (u16) (key[i + 1]) << 8;
826                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
827         }
828 }
829
830 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
831 {
832         u32 addrtmp[2] = { 0, 0, };
833         u8 per_sta_keys_start = 8;
834
835         if (b43_new_kidx_api(dev))
836                 per_sta_keys_start = 4;
837
838         B43_WARN_ON(index < per_sta_keys_start);
839         /* We have two default TX keys and possibly two default RX keys.
840          * Physical mac 0 is mapped to physical key 4 or 8, depending
841          * on the firmware version.
842          * So we must adjust the index here.
843          */
844         index -= per_sta_keys_start;
845
846         if (addr) {
847                 addrtmp[0] = addr[0];
848                 addrtmp[0] |= ((u32) (addr[1]) << 8);
849                 addrtmp[0] |= ((u32) (addr[2]) << 16);
850                 addrtmp[0] |= ((u32) (addr[3]) << 24);
851                 addrtmp[1] = addr[4];
852                 addrtmp[1] |= ((u32) (addr[5]) << 8);
853         }
854
855         if (dev->dev->id.revision >= 5) {
856                 /* Receive match transmitter address mechanism */
857                 b43_shm_write32(dev, B43_SHM_RCMTA,
858                                 (index * 2) + 0, addrtmp[0]);
859                 b43_shm_write16(dev, B43_SHM_RCMTA,
860                                 (index * 2) + 1, addrtmp[1]);
861         } else {
862                 /* RXE (Receive Engine) and
863                  * PSM (Programmable State Machine) mechanism
864                  */
865                 if (index < 8) {
866                         /* TODO write to RCM 16, 19, 22 and 25 */
867                 } else {
868                         b43_shm_write32(dev, B43_SHM_SHARED,
869                                         B43_SHM_SH_PSM + (index * 6) + 0,
870                                         addrtmp[0]);
871                         b43_shm_write16(dev, B43_SHM_SHARED,
872                                         B43_SHM_SH_PSM + (index * 6) + 4,
873                                         addrtmp[1]);
874                 }
875         }
876 }
877
878 static void do_key_write(struct b43_wldev *dev,
879                          u8 index, u8 algorithm,
880                          const u8 * key, size_t key_len, const u8 * mac_addr)
881 {
882         u8 buf[B43_SEC_KEYSIZE] = { 0, };
883         u8 per_sta_keys_start = 8;
884
885         if (b43_new_kidx_api(dev))
886                 per_sta_keys_start = 4;
887
888         B43_WARN_ON(index >= dev->max_nr_keys);
889         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
890
891         if (index >= per_sta_keys_start)
892                 keymac_write(dev, index, NULL); /* First zero out mac. */
893         if (key)
894                 memcpy(buf, key, key_len);
895         key_write(dev, index, algorithm, buf);
896         if (index >= per_sta_keys_start)
897                 keymac_write(dev, index, mac_addr);
898
899         dev->key[index].algorithm = algorithm;
900 }
901
902 static int b43_key_write(struct b43_wldev *dev,
903                          int index, u8 algorithm,
904                          const u8 * key, size_t key_len,
905                          const u8 * mac_addr,
906                          struct ieee80211_key_conf *keyconf)
907 {
908         int i;
909         int sta_keys_start;
910
911         if (key_len > B43_SEC_KEYSIZE)
912                 return -EINVAL;
913         for (i = 0; i < dev->max_nr_keys; i++) {
914                 /* Check that we don't already have this key. */
915                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
916         }
917         if (index < 0) {
918                 /* Either pairwise key or address is 00:00:00:00:00:00
919                  * for transmit-only keys. Search the index. */
920                 if (b43_new_kidx_api(dev))
921                         sta_keys_start = 4;
922                 else
923                         sta_keys_start = 8;
924                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
925                         if (!dev->key[i].keyconf) {
926                                 /* found empty */
927                                 index = i;
928                                 break;
929                         }
930                 }
931                 if (index < 0) {
932                         b43err(dev->wl, "Out of hardware key memory\n");
933                         return -ENOSPC;
934                 }
935         } else
936                 B43_WARN_ON(index > 3);
937
938         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
939         if ((index <= 3) && !b43_new_kidx_api(dev)) {
940                 /* Default RX key */
941                 B43_WARN_ON(mac_addr);
942                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
943         }
944         keyconf->hw_key_idx = index;
945         dev->key[index].keyconf = keyconf;
946
947         return 0;
948 }
949
950 static int b43_key_clear(struct b43_wldev *dev, int index)
951 {
952         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
953                 return -EINVAL;
954         do_key_write(dev, index, B43_SEC_ALGO_NONE,
955                      NULL, B43_SEC_KEYSIZE, NULL);
956         if ((index <= 3) && !b43_new_kidx_api(dev)) {
957                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
958                              NULL, B43_SEC_KEYSIZE, NULL);
959         }
960         dev->key[index].keyconf = NULL;
961
962         return 0;
963 }
964
965 static void b43_clear_keys(struct b43_wldev *dev)
966 {
967         int i;
968
969         for (i = 0; i < dev->max_nr_keys; i++)
970                 b43_key_clear(dev, i);
971 }
972
973 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
974 {
975         u32 macctl;
976         u16 ucstat;
977         bool hwps;
978         bool awake;
979         int i;
980
981         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
982                     (ps_flags & B43_PS_DISABLED));
983         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
984
985         if (ps_flags & B43_PS_ENABLED) {
986                 hwps = 1;
987         } else if (ps_flags & B43_PS_DISABLED) {
988                 hwps = 0;
989         } else {
990                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
991                 //      and thus is not an AP and we are associated, set bit 25
992         }
993         if (ps_flags & B43_PS_AWAKE) {
994                 awake = 1;
995         } else if (ps_flags & B43_PS_ASLEEP) {
996                 awake = 0;
997         } else {
998                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
999                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1000                 //      successful, set bit26
1001         }
1002
1003 /* FIXME: For now we force awake-on and hwps-off */
1004         hwps = 0;
1005         awake = 1;
1006
1007         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1008         if (hwps)
1009                 macctl |= B43_MACCTL_HWPS;
1010         else
1011                 macctl &= ~B43_MACCTL_HWPS;
1012         if (awake)
1013                 macctl |= B43_MACCTL_AWAKE;
1014         else
1015                 macctl &= ~B43_MACCTL_AWAKE;
1016         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1017         /* Commit write */
1018         b43_read32(dev, B43_MMIO_MACCTL);
1019         if (awake && dev->dev->id.revision >= 5) {
1020                 /* Wait for the microcode to wake up. */
1021                 for (i = 0; i < 100; i++) {
1022                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1023                                                 B43_SHM_SH_UCODESTAT);
1024                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1025                                 break;
1026                         udelay(10);
1027                 }
1028         }
1029 }
1030
1031 /* Turn the Analog ON/OFF */
1032 static void b43_switch_analog(struct b43_wldev *dev, int on)
1033 {
1034         switch (dev->phy.type) {
1035         case B43_PHYTYPE_A:
1036         case B43_PHYTYPE_G:
1037                 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1038                 break;
1039         case B43_PHYTYPE_N:
1040                 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1041                               on ? 0 : 0x7FFF);
1042                 break;
1043         default:
1044                 B43_WARN_ON(1);
1045         }
1046 }
1047
1048 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1049 {
1050         u32 tmslow;
1051         u32 macctl;
1052
1053         flags |= B43_TMSLOW_PHYCLKEN;
1054         flags |= B43_TMSLOW_PHYRESET;
1055         ssb_device_enable(dev->dev, flags);
1056         msleep(2);              /* Wait for the PLL to turn on. */
1057
1058         /* Now take the PHY out of Reset again */
1059         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1060         tmslow |= SSB_TMSLOW_FGC;
1061         tmslow &= ~B43_TMSLOW_PHYRESET;
1062         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1063         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1064         msleep(1);
1065         tmslow &= ~SSB_TMSLOW_FGC;
1066         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1067         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1068         msleep(1);
1069
1070         /* Turn Analog ON */
1071         b43_switch_analog(dev, 1);
1072
1073         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1074         macctl &= ~B43_MACCTL_GMODE;
1075         if (flags & B43_TMSLOW_GMODE)
1076                 macctl |= B43_MACCTL_GMODE;
1077         macctl |= B43_MACCTL_IHR_ENABLED;
1078         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1079 }
1080
1081 static void handle_irq_transmit_status(struct b43_wldev *dev)
1082 {
1083         u32 v0, v1;
1084         u16 tmp;
1085         struct b43_txstatus stat;
1086
1087         while (1) {
1088                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1089                 if (!(v0 & 0x00000001))
1090                         break;
1091                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1092
1093                 stat.cookie = (v0 >> 16);
1094                 stat.seq = (v1 & 0x0000FFFF);
1095                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1096                 tmp = (v0 & 0x0000FFFF);
1097                 stat.frame_count = ((tmp & 0xF000) >> 12);
1098                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1099                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1100                 stat.pm_indicated = !!(tmp & 0x0080);
1101                 stat.intermediate = !!(tmp & 0x0040);
1102                 stat.for_ampdu = !!(tmp & 0x0020);
1103                 stat.acked = !!(tmp & 0x0002);
1104
1105                 b43_handle_txstatus(dev, &stat);
1106         }
1107 }
1108
1109 static void drain_txstatus_queue(struct b43_wldev *dev)
1110 {
1111         u32 dummy;
1112
1113         if (dev->dev->id.revision < 5)
1114                 return;
1115         /* Read all entries from the microcode TXstatus FIFO
1116          * and throw them away.
1117          */
1118         while (1) {
1119                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1120                 if (!(dummy & 0x00000001))
1121                         break;
1122                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1123         }
1124 }
1125
1126 static u32 b43_jssi_read(struct b43_wldev *dev)
1127 {
1128         u32 val = 0;
1129
1130         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1131         val <<= 16;
1132         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1133
1134         return val;
1135 }
1136
1137 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1138 {
1139         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1140         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1141 }
1142
1143 static void b43_generate_noise_sample(struct b43_wldev *dev)
1144 {
1145         b43_jssi_write(dev, 0x7F7F7F7F);
1146         b43_write32(dev, B43_MMIO_MACCMD,
1147                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1148 }
1149
1150 static void b43_calculate_link_quality(struct b43_wldev *dev)
1151 {
1152         /* Top half of Link Quality calculation. */
1153
1154         if (dev->noisecalc.calculation_running)
1155                 return;
1156         dev->noisecalc.calculation_running = 1;
1157         dev->noisecalc.nr_samples = 0;
1158
1159         b43_generate_noise_sample(dev);
1160 }
1161
1162 static void handle_irq_noise(struct b43_wldev *dev)
1163 {
1164         struct b43_phy *phy = &dev->phy;
1165         u16 tmp;
1166         u8 noise[4];
1167         u8 i, j;
1168         s32 average;
1169
1170         /* Bottom half of Link Quality calculation. */
1171
1172         /* Possible race condition: It might be possible that the user
1173          * changed to a different channel in the meantime since we
1174          * started the calculation. We ignore that fact, since it's
1175          * not really that much of a problem. The background noise is
1176          * an estimation only anyway. Slightly wrong results will get damped
1177          * by the averaging of the 8 sample rounds. Additionally the
1178          * value is shortlived. So it will be replaced by the next noise
1179          * calculation round soon. */
1180
1181         B43_WARN_ON(!dev->noisecalc.calculation_running);
1182         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1183         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1184             noise[2] == 0x7F || noise[3] == 0x7F)
1185                 goto generate_new;
1186
1187         /* Get the noise samples. */
1188         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1189         i = dev->noisecalc.nr_samples;
1190         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1191         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1192         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1193         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1194         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1195         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1196         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1197         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1198         dev->noisecalc.nr_samples++;
1199         if (dev->noisecalc.nr_samples == 8) {
1200                 /* Calculate the Link Quality by the noise samples. */
1201                 average = 0;
1202                 for (i = 0; i < 8; i++) {
1203                         for (j = 0; j < 4; j++)
1204                                 average += dev->noisecalc.samples[i][j];
1205                 }
1206                 average /= (8 * 4);
1207                 average *= 125;
1208                 average += 64;
1209                 average /= 128;
1210                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1211                 tmp = (tmp / 128) & 0x1F;
1212                 if (tmp >= 8)
1213                         average += 2;
1214                 else
1215                         average -= 25;
1216                 if (tmp == 8)
1217                         average -= 72;
1218                 else
1219                         average -= 48;
1220
1221                 dev->stats.link_noise = average;
1222                 dev->noisecalc.calculation_running = 0;
1223                 return;
1224         }
1225 generate_new:
1226         b43_generate_noise_sample(dev);
1227 }
1228
1229 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1230 {
1231         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1232                 ///TODO: PS TBTT
1233         } else {
1234                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1235                         b43_power_saving_ctl_bits(dev, 0);
1236         }
1237         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1238                 dev->dfq_valid = 1;
1239 }
1240
1241 static void handle_irq_atim_end(struct b43_wldev *dev)
1242 {
1243         if (dev->dfq_valid) {
1244                 b43_write32(dev, B43_MMIO_MACCMD,
1245                             b43_read32(dev, B43_MMIO_MACCMD)
1246                             | B43_MACCMD_DFQ_VALID);
1247                 dev->dfq_valid = 0;
1248         }
1249 }
1250
1251 static void handle_irq_pmq(struct b43_wldev *dev)
1252 {
1253         u32 tmp;
1254
1255         //TODO: AP mode.
1256
1257         while (1) {
1258                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1259                 if (!(tmp & 0x00000008))
1260                         break;
1261         }
1262         /* 16bit write is odd, but correct. */
1263         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1264 }
1265
1266 static void b43_write_template_common(struct b43_wldev *dev,
1267                                       const u8 * data, u16 size,
1268                                       u16 ram_offset,
1269                                       u16 shm_size_offset, u8 rate)
1270 {
1271         u32 i, tmp;
1272         struct b43_plcp_hdr4 plcp;
1273
1274         plcp.data = 0;
1275         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1276         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1277         ram_offset += sizeof(u32);
1278         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1279          * So leave the first two bytes of the next write blank.
1280          */
1281         tmp = (u32) (data[0]) << 16;
1282         tmp |= (u32) (data[1]) << 24;
1283         b43_ram_write(dev, ram_offset, tmp);
1284         ram_offset += sizeof(u32);
1285         for (i = 2; i < size; i += sizeof(u32)) {
1286                 tmp = (u32) (data[i + 0]);
1287                 if (i + 1 < size)
1288                         tmp |= (u32) (data[i + 1]) << 8;
1289                 if (i + 2 < size)
1290                         tmp |= (u32) (data[i + 2]) << 16;
1291                 if (i + 3 < size)
1292                         tmp |= (u32) (data[i + 3]) << 24;
1293                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1294         }
1295         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1296                         size + sizeof(struct b43_plcp_hdr6));
1297 }
1298
1299 /* Check if the use of the antenna that ieee80211 told us to
1300  * use is possible. This will fall back to DEFAULT.
1301  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1302 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1303                                   u8 antenna_nr)
1304 {
1305         u8 antenna_mask;
1306
1307         if (antenna_nr == 0) {
1308                 /* Zero means "use default antenna". That's always OK. */
1309                 return 0;
1310         }
1311
1312         /* Get the mask of available antennas. */
1313         if (dev->phy.gmode)
1314                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1315         else
1316                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1317
1318         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1319                 /* This antenna is not available. Fall back to default. */
1320                 return 0;
1321         }
1322
1323         return antenna_nr;
1324 }
1325
1326 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1327 {
1328         antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1329         switch (antenna) {
1330         case 0:         /* default/diversity */
1331                 return B43_ANTENNA_DEFAULT;
1332         case 1:         /* Antenna 0 */
1333                 return B43_ANTENNA0;
1334         case 2:         /* Antenna 1 */
1335                 return B43_ANTENNA1;
1336         case 3:         /* Antenna 2 */
1337                 return B43_ANTENNA2;
1338         case 4:         /* Antenna 3 */
1339                 return B43_ANTENNA3;
1340         default:
1341                 return B43_ANTENNA_DEFAULT;
1342         }
1343 }
1344
1345 /* Convert a b43 antenna number value to the PHY TX control value. */
1346 static u16 b43_antenna_to_phyctl(int antenna)
1347 {
1348         switch (antenna) {
1349         case B43_ANTENNA0:
1350                 return B43_TXH_PHY_ANT0;
1351         case B43_ANTENNA1:
1352                 return B43_TXH_PHY_ANT1;
1353         case B43_ANTENNA2:
1354                 return B43_TXH_PHY_ANT2;
1355         case B43_ANTENNA3:
1356                 return B43_TXH_PHY_ANT3;
1357         case B43_ANTENNA_AUTO:
1358                 return B43_TXH_PHY_ANT01AUTO;
1359         }
1360         B43_WARN_ON(1);
1361         return 0;
1362 }
1363
1364 static void b43_write_beacon_template(struct b43_wldev *dev,
1365                                       u16 ram_offset,
1366                                       u16 shm_size_offset)
1367 {
1368         unsigned int i, len, variable_len;
1369         const struct ieee80211_mgmt *bcn;
1370         const u8 *ie;
1371         bool tim_found = 0;
1372         unsigned int rate;
1373         u16 ctl;
1374         int antenna;
1375         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1376
1377         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1378         len = min((size_t) dev->wl->current_beacon->len,
1379                   0x200 - sizeof(struct b43_plcp_hdr6));
1380         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1381
1382         b43_write_template_common(dev, (const u8 *)bcn,
1383                                   len, ram_offset, shm_size_offset, rate);
1384
1385         /* Write the PHY TX control parameters. */
1386         antenna = b43_antenna_from_ieee80211(dev, info->antenna_sel_tx);
1387         antenna = b43_antenna_to_phyctl(antenna);
1388         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1389         /* We can't send beacons with short preamble. Would get PHY errors. */
1390         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1391         ctl &= ~B43_TXH_PHY_ANT;
1392         ctl &= ~B43_TXH_PHY_ENC;
1393         ctl |= antenna;
1394         if (b43_is_cck_rate(rate))
1395                 ctl |= B43_TXH_PHY_ENC_CCK;
1396         else
1397                 ctl |= B43_TXH_PHY_ENC_OFDM;
1398         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1399
1400         /* Find the position of the TIM and the DTIM_period value
1401          * and write them to SHM. */
1402         ie = bcn->u.beacon.variable;
1403         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1404         for (i = 0; i < variable_len - 2; ) {
1405                 uint8_t ie_id, ie_len;
1406
1407                 ie_id = ie[i];
1408                 ie_len = ie[i + 1];
1409                 if (ie_id == 5) {
1410                         u16 tim_position;
1411                         u16 dtim_period;
1412                         /* This is the TIM Information Element */
1413
1414                         /* Check whether the ie_len is in the beacon data range. */
1415                         if (variable_len < ie_len + 2 + i)
1416                                 break;
1417                         /* A valid TIM is at least 4 bytes long. */
1418                         if (ie_len < 4)
1419                                 break;
1420                         tim_found = 1;
1421
1422                         tim_position = sizeof(struct b43_plcp_hdr6);
1423                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1424                         tim_position += i;
1425
1426                         dtim_period = ie[i + 3];
1427
1428                         b43_shm_write16(dev, B43_SHM_SHARED,
1429                                         B43_SHM_SH_TIMBPOS, tim_position);
1430                         b43_shm_write16(dev, B43_SHM_SHARED,
1431                                         B43_SHM_SH_DTIMPER, dtim_period);
1432                         break;
1433                 }
1434                 i += ie_len + 2;
1435         }
1436         if (!tim_found) {
1437                 /*
1438                  * If ucode wants to modify TIM do it behind the beacon, this
1439                  * will happen, for example, when doing mesh networking.
1440                  */
1441                 b43_shm_write16(dev, B43_SHM_SHARED,
1442                                 B43_SHM_SH_TIMBPOS,
1443                                 len + sizeof(struct b43_plcp_hdr6));
1444                 b43_shm_write16(dev, B43_SHM_SHARED,
1445                                 B43_SHM_SH_DTIMPER, 0);
1446         }
1447         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1448 }
1449
1450 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1451                                       u16 shm_offset, u16 size,
1452                                       struct ieee80211_rate *rate)
1453 {
1454         struct b43_plcp_hdr4 plcp;
1455         u32 tmp;
1456         __le16 dur;
1457
1458         plcp.data = 0;
1459         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1460         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1461                                                dev->wl->vif, size,
1462                                                rate);
1463         /* Write PLCP in two parts and timing for packet transfer */
1464         tmp = le32_to_cpu(plcp.data);
1465         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1466         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1467         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1468 }
1469
1470 /* Instead of using custom probe response template, this function
1471  * just patches custom beacon template by:
1472  * 1) Changing packet type
1473  * 2) Patching duration field
1474  * 3) Stripping TIM
1475  */
1476 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1477                                           u16 *dest_size,
1478                                           struct ieee80211_rate *rate)
1479 {
1480         const u8 *src_data;
1481         u8 *dest_data;
1482         u16 src_size, elem_size, src_pos, dest_pos;
1483         __le16 dur;
1484         struct ieee80211_hdr *hdr;
1485         size_t ie_start;
1486
1487         src_size = dev->wl->current_beacon->len;
1488         src_data = (const u8 *)dev->wl->current_beacon->data;
1489
1490         /* Get the start offset of the variable IEs in the packet. */
1491         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1492         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1493
1494         if (B43_WARN_ON(src_size < ie_start))
1495                 return NULL;
1496
1497         dest_data = kmalloc(src_size, GFP_ATOMIC);
1498         if (unlikely(!dest_data))
1499                 return NULL;
1500
1501         /* Copy the static data and all Information Elements, except the TIM. */
1502         memcpy(dest_data, src_data, ie_start);
1503         src_pos = ie_start;
1504         dest_pos = ie_start;
1505         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1506                 elem_size = src_data[src_pos + 1] + 2;
1507                 if (src_data[src_pos] == 5) {
1508                         /* This is the TIM. */
1509                         continue;
1510                 }
1511                 memcpy(dest_data + dest_pos, src_data + src_pos,
1512                        elem_size);
1513                 dest_pos += elem_size;
1514         }
1515         *dest_size = dest_pos;
1516         hdr = (struct ieee80211_hdr *)dest_data;
1517
1518         /* Set the frame control. */
1519         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1520                                          IEEE80211_STYPE_PROBE_RESP);
1521         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1522                                                dev->wl->vif, *dest_size,
1523                                                rate);
1524         hdr->duration_id = dur;
1525
1526         return dest_data;
1527 }
1528
1529 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1530                                           u16 ram_offset,
1531                                           u16 shm_size_offset,
1532                                           struct ieee80211_rate *rate)
1533 {
1534         const u8 *probe_resp_data;
1535         u16 size;
1536
1537         size = dev->wl->current_beacon->len;
1538         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1539         if (unlikely(!probe_resp_data))
1540                 return;
1541
1542         /* Looks like PLCP headers plus packet timings are stored for
1543          * all possible basic rates
1544          */
1545         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1546         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1547         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1548         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1549
1550         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1551         b43_write_template_common(dev, probe_resp_data,
1552                                   size, ram_offset, shm_size_offset,
1553                                   rate->hw_value);
1554         kfree(probe_resp_data);
1555 }
1556
1557 static void b43_upload_beacon0(struct b43_wldev *dev)
1558 {
1559         struct b43_wl *wl = dev->wl;
1560
1561         if (wl->beacon0_uploaded)
1562                 return;
1563         b43_write_beacon_template(dev, 0x68, 0x18);
1564         /* FIXME: Probe resp upload doesn't really belong here,
1565          *        but we don't use that feature anyway. */
1566         b43_write_probe_resp_template(dev, 0x268, 0x4A,
1567                                       &__b43_ratetable[3]);
1568         wl->beacon0_uploaded = 1;
1569 }
1570
1571 static void b43_upload_beacon1(struct b43_wldev *dev)
1572 {
1573         struct b43_wl *wl = dev->wl;
1574
1575         if (wl->beacon1_uploaded)
1576                 return;
1577         b43_write_beacon_template(dev, 0x468, 0x1A);
1578         wl->beacon1_uploaded = 1;
1579 }
1580
1581 static void handle_irq_beacon(struct b43_wldev *dev)
1582 {
1583         struct b43_wl *wl = dev->wl;
1584         u32 cmd, beacon0_valid, beacon1_valid;
1585
1586         if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP) &&
1587             !b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
1588                 return;
1589
1590         /* This is the bottom half of the asynchronous beacon update. */
1591
1592         /* Ignore interrupt in the future. */
1593         dev->irq_savedstate &= ~B43_IRQ_BEACON;
1594
1595         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1596         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1597         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1598
1599         /* Schedule interrupt manually, if busy. */
1600         if (beacon0_valid && beacon1_valid) {
1601                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1602                 dev->irq_savedstate |= B43_IRQ_BEACON;
1603                 return;
1604         }
1605
1606         if (unlikely(wl->beacon_templates_virgin)) {
1607                 /* We never uploaded a beacon before.
1608                  * Upload both templates now, but only mark one valid. */
1609                 wl->beacon_templates_virgin = 0;
1610                 b43_upload_beacon0(dev);
1611                 b43_upload_beacon1(dev);
1612                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1613                 cmd |= B43_MACCMD_BEACON0_VALID;
1614                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1615         } else {
1616                 if (!beacon0_valid) {
1617                         b43_upload_beacon0(dev);
1618                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1619                         cmd |= B43_MACCMD_BEACON0_VALID;
1620                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1621                 } else if (!beacon1_valid) {
1622                         b43_upload_beacon1(dev);
1623                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1624                         cmd |= B43_MACCMD_BEACON1_VALID;
1625                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1626                 }
1627         }
1628 }
1629
1630 static void b43_beacon_update_trigger_work(struct work_struct *work)
1631 {
1632         struct b43_wl *wl = container_of(work, struct b43_wl,
1633                                          beacon_update_trigger);
1634         struct b43_wldev *dev;
1635
1636         mutex_lock(&wl->mutex);
1637         dev = wl->current_dev;
1638         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1639                 spin_lock_irq(&wl->irq_lock);
1640                 /* update beacon right away or defer to irq */
1641                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1642                 handle_irq_beacon(dev);
1643                 /* The handler might have updated the IRQ mask. */
1644                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1645                             dev->irq_savedstate);
1646                 mmiowb();
1647                 spin_unlock_irq(&wl->irq_lock);
1648         }
1649         mutex_unlock(&wl->mutex);
1650 }
1651
1652 /* Asynchronously update the packet templates in template RAM.
1653  * Locking: Requires wl->irq_lock to be locked. */
1654 static void b43_update_templates(struct b43_wl *wl, struct sk_buff *beacon)
1655 {
1656         /* This is the top half of the ansynchronous beacon update.
1657          * The bottom half is the beacon IRQ.
1658          * Beacon update must be asynchronous to avoid sending an
1659          * invalid beacon. This can happen for example, if the firmware
1660          * transmits a beacon while we are updating it. */
1661
1662         if (wl->current_beacon)
1663                 dev_kfree_skb_any(wl->current_beacon);
1664         wl->current_beacon = beacon;
1665         wl->beacon0_uploaded = 0;
1666         wl->beacon1_uploaded = 0;
1667         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1668 }
1669
1670 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1671 {
1672         u32 tmp;
1673         u16 i, len;
1674
1675         len = min((u16) ssid_len, (u16) 0x100);
1676         for (i = 0; i < len; i += sizeof(u32)) {
1677                 tmp = (u32) (ssid[i + 0]);
1678                 if (i + 1 < len)
1679                         tmp |= (u32) (ssid[i + 1]) << 8;
1680                 if (i + 2 < len)
1681                         tmp |= (u32) (ssid[i + 2]) << 16;
1682                 if (i + 3 < len)
1683                         tmp |= (u32) (ssid[i + 3]) << 24;
1684                 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1685         }
1686         b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1687 }
1688
1689 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1690 {
1691         b43_time_lock(dev);
1692         if (dev->dev->id.revision >= 3) {
1693                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1694                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1695         } else {
1696                 b43_write16(dev, 0x606, (beacon_int >> 6));
1697                 b43_write16(dev, 0x610, beacon_int);
1698         }
1699         b43_time_unlock(dev);
1700         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1701 }
1702
1703 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1704 {
1705         u16 reason;
1706
1707         /* Read the register that contains the reason code for the panic. */
1708         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1709         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1710
1711         switch (reason) {
1712         default:
1713                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1714                 /* fallthrough */
1715         case B43_FWPANIC_DIE:
1716                 /* Do not restart the controller or firmware.
1717                  * The device is nonfunctional from now on.
1718                  * Restarting would result in this panic to trigger again,
1719                  * so we avoid that recursion. */
1720                 break;
1721         case B43_FWPANIC_RESTART:
1722                 b43_controller_restart(dev, "Microcode panic");
1723                 break;
1724         }
1725 }
1726
1727 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1728 {
1729         unsigned int i, cnt;
1730         u16 reason, marker_id, marker_line;
1731         __le16 *buf;
1732
1733         /* The proprietary firmware doesn't have this IRQ. */
1734         if (!dev->fw.opensource)
1735                 return;
1736
1737         /* Read the register that contains the reason code for this IRQ. */
1738         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1739
1740         switch (reason) {
1741         case B43_DEBUGIRQ_PANIC:
1742                 b43_handle_firmware_panic(dev);
1743                 break;
1744         case B43_DEBUGIRQ_DUMP_SHM:
1745                 if (!B43_DEBUG)
1746                         break; /* Only with driver debugging enabled. */
1747                 buf = kmalloc(4096, GFP_ATOMIC);
1748                 if (!buf) {
1749                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1750                         goto out;
1751                 }
1752                 for (i = 0; i < 4096; i += 2) {
1753                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1754                         buf[i / 2] = cpu_to_le16(tmp);
1755                 }
1756                 b43info(dev->wl, "Shared memory dump:\n");
1757                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1758                                16, 2, buf, 4096, 1);
1759                 kfree(buf);
1760                 break;
1761         case B43_DEBUGIRQ_DUMP_REGS:
1762                 if (!B43_DEBUG)
1763                         break; /* Only with driver debugging enabled. */
1764                 b43info(dev->wl, "Microcode register dump:\n");
1765                 for (i = 0, cnt = 0; i < 64; i++) {
1766                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1767                         if (cnt == 0)
1768                                 printk(KERN_INFO);
1769                         printk("r%02u: 0x%04X  ", i, tmp);
1770                         cnt++;
1771                         if (cnt == 6) {
1772                                 printk("\n");
1773                                 cnt = 0;
1774                         }
1775                 }
1776                 printk("\n");
1777                 break;
1778         case B43_DEBUGIRQ_MARKER:
1779                 if (!B43_DEBUG)
1780                         break; /* Only with driver debugging enabled. */
1781                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1782                                            B43_MARKER_ID_REG);
1783                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1784                                              B43_MARKER_LINE_REG);
1785                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1786                         "at line number %u\n",
1787                         marker_id, marker_line);
1788                 break;
1789         default:
1790                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1791                        reason);
1792         }
1793 out:
1794         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1795         b43_shm_write16(dev, B43_SHM_SCRATCH,
1796                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1797 }
1798
1799 /* Interrupt handler bottom-half */
1800 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1801 {
1802         u32 reason;
1803         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1804         u32 merged_dma_reason = 0;
1805         int i;
1806         unsigned long flags;
1807
1808         spin_lock_irqsave(&dev->wl->irq_lock, flags);
1809
1810         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1811
1812         reason = dev->irq_reason;
1813         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1814                 dma_reason[i] = dev->dma_reason[i];
1815                 merged_dma_reason |= dma_reason[i];
1816         }
1817
1818         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1819                 b43err(dev->wl, "MAC transmission error\n");
1820
1821         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1822                 b43err(dev->wl, "PHY transmission error\n");
1823                 rmb();
1824                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1825                         atomic_set(&dev->phy.txerr_cnt,
1826                                    B43_PHY_TX_BADNESS_LIMIT);
1827                         b43err(dev->wl, "Too many PHY TX errors, "
1828                                         "restarting the controller\n");
1829                         b43_controller_restart(dev, "PHY TX errors");
1830                 }
1831         }
1832
1833         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1834                                           B43_DMAIRQ_NONFATALMASK))) {
1835                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1836                         b43err(dev->wl, "Fatal DMA error: "
1837                                "0x%08X, 0x%08X, 0x%08X, "
1838                                "0x%08X, 0x%08X, 0x%08X\n",
1839                                dma_reason[0], dma_reason[1],
1840                                dma_reason[2], dma_reason[3],
1841                                dma_reason[4], dma_reason[5]);
1842                         b43_controller_restart(dev, "DMA error");
1843                         mmiowb();
1844                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1845                         return;
1846                 }
1847                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1848                         b43err(dev->wl, "DMA error: "
1849                                "0x%08X, 0x%08X, 0x%08X, "
1850                                "0x%08X, 0x%08X, 0x%08X\n",
1851                                dma_reason[0], dma_reason[1],
1852                                dma_reason[2], dma_reason[3],
1853                                dma_reason[4], dma_reason[5]);
1854                 }
1855         }
1856
1857         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1858                 handle_irq_ucode_debug(dev);
1859         if (reason & B43_IRQ_TBTT_INDI)
1860                 handle_irq_tbtt_indication(dev);
1861         if (reason & B43_IRQ_ATIM_END)
1862                 handle_irq_atim_end(dev);
1863         if (reason & B43_IRQ_BEACON)
1864                 handle_irq_beacon(dev);
1865         if (reason & B43_IRQ_PMQ)
1866                 handle_irq_pmq(dev);
1867         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1868                 ;/* TODO */
1869         if (reason & B43_IRQ_NOISESAMPLE_OK)
1870                 handle_irq_noise(dev);
1871
1872         /* Check the DMA reason registers for received data. */
1873         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1874                 if (b43_using_pio_transfers(dev))
1875                         b43_pio_rx(dev->pio.rx_queue);
1876                 else
1877                         b43_dma_rx(dev->dma.rx_ring);
1878         }
1879         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1880         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1881         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1882         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1883         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1884
1885         if (reason & B43_IRQ_TX_OK)
1886                 handle_irq_transmit_status(dev);
1887
1888         b43_interrupt_enable(dev, dev->irq_savedstate);
1889         mmiowb();
1890         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1891 }
1892
1893 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1894 {
1895         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1896
1897         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1898         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1899         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1900         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1901         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1902         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1903 }
1904
1905 /* Interrupt handler top-half */
1906 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1907 {
1908         irqreturn_t ret = IRQ_NONE;
1909         struct b43_wldev *dev = dev_id;
1910         u32 reason;
1911
1912         if (!dev)
1913                 return IRQ_NONE;
1914
1915         spin_lock(&dev->wl->irq_lock);
1916
1917         if (b43_status(dev) < B43_STAT_STARTED)
1918                 goto out;
1919         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1920         if (reason == 0xffffffff)       /* shared IRQ */
1921                 goto out;
1922         ret = IRQ_HANDLED;
1923         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1924         if (!reason)
1925                 goto out;
1926
1927         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1928             & 0x0001DC00;
1929         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1930             & 0x0000DC00;
1931         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1932             & 0x0000DC00;
1933         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1934             & 0x0001DC00;
1935         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1936             & 0x0000DC00;
1937         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1938             & 0x0000DC00;
1939
1940         b43_interrupt_ack(dev, reason);
1941         /* disable all IRQs. They are enabled again in the bottom half. */
1942         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1943         /* save the reason code and call our bottom half. */
1944         dev->irq_reason = reason;
1945         tasklet_schedule(&dev->isr_tasklet);
1946       out:
1947         mmiowb();
1948         spin_unlock(&dev->wl->irq_lock);
1949
1950         return ret;
1951 }
1952
1953 static void do_release_fw(struct b43_firmware_file *fw)
1954 {
1955         release_firmware(fw->data);
1956         fw->data = NULL;
1957         fw->filename = NULL;
1958 }
1959
1960 static void b43_release_firmware(struct b43_wldev *dev)
1961 {
1962         do_release_fw(&dev->fw.ucode);
1963         do_release_fw(&dev->fw.pcm);
1964         do_release_fw(&dev->fw.initvals);
1965         do_release_fw(&dev->fw.initvals_band);
1966 }
1967
1968 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1969 {
1970         const char *text;
1971
1972         text = "You must go to "
1973                "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1974                "and download the latest firmware (version 4).\n";
1975         if (error)
1976                 b43err(wl, text);
1977         else
1978                 b43warn(wl, text);
1979 }
1980
1981 static int do_request_fw(struct b43_wldev *dev,
1982                          const char *name,
1983                          struct b43_firmware_file *fw,
1984                          bool silent)
1985 {
1986         char path[sizeof(modparam_fwpostfix) + 32];
1987         const struct firmware *blob;
1988         struct b43_fw_header *hdr;
1989         u32 size;
1990         int err;
1991
1992         if (!name) {
1993                 /* Don't fetch anything. Free possibly cached firmware. */
1994                 do_release_fw(fw);
1995                 return 0;
1996         }
1997         if (fw->filename) {
1998                 if (strcmp(fw->filename, name) == 0)
1999                         return 0; /* Already have this fw. */
2000                 /* Free the cached firmware first. */
2001                 do_release_fw(fw);
2002         }
2003
2004         snprintf(path, ARRAY_SIZE(path),
2005                  "b43%s/%s.fw",
2006                  modparam_fwpostfix, name);
2007         err = request_firmware(&blob, path, dev->dev->dev);
2008         if (err == -ENOENT) {
2009                 if (!silent) {
2010                         b43err(dev->wl, "Firmware file \"%s\" not found\n",
2011                                path);
2012                 }
2013                 return err;
2014         } else if (err) {
2015                 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2016                        path, err);
2017                 return err;
2018         }
2019         if (blob->size < sizeof(struct b43_fw_header))
2020                 goto err_format;
2021         hdr = (struct b43_fw_header *)(blob->data);
2022         switch (hdr->type) {
2023         case B43_FW_TYPE_UCODE:
2024         case B43_FW_TYPE_PCM:
2025                 size = be32_to_cpu(hdr->size);
2026                 if (size != blob->size - sizeof(struct b43_fw_header))
2027                         goto err_format;
2028                 /* fallthrough */
2029         case B43_FW_TYPE_IV:
2030                 if (hdr->ver != 1)
2031                         goto err_format;
2032                 break;
2033         default:
2034                 goto err_format;
2035         }
2036
2037         fw->data = blob;
2038         fw->filename = name;
2039
2040         return 0;
2041
2042 err_format:
2043         b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2044         release_firmware(blob);
2045
2046         return -EPROTO;
2047 }
2048
2049 static int b43_request_firmware(struct b43_wldev *dev)
2050 {
2051         struct b43_firmware *fw = &dev->fw;
2052         const u8 rev = dev->dev->id.revision;
2053         const char *filename;
2054         u32 tmshigh;
2055         int err;
2056
2057         /* Get microcode */
2058         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2059         if ((rev >= 5) && (rev <= 10))
2060                 filename = "ucode5";
2061         else if ((rev >= 11) && (rev <= 12))
2062                 filename = "ucode11";
2063         else if (rev >= 13)
2064                 filename = "ucode13";
2065         else
2066                 goto err_no_ucode;
2067         err = do_request_fw(dev, filename, &fw->ucode, 0);
2068         if (err)
2069                 goto err_load;
2070
2071         /* Get PCM code */
2072         if ((rev >= 5) && (rev <= 10))
2073                 filename = "pcm5";
2074         else if (rev >= 11)
2075                 filename = NULL;
2076         else
2077                 goto err_no_pcm;
2078         fw->pcm_request_failed = 0;
2079         err = do_request_fw(dev, filename, &fw->pcm, 1);
2080         if (err == -ENOENT) {
2081                 /* We did not find a PCM file? Not fatal, but
2082                  * core rev <= 10 must do without hwcrypto then. */
2083                 fw->pcm_request_failed = 1;
2084         } else if (err)
2085                 goto err_load;
2086
2087         /* Get initvals */
2088         switch (dev->phy.type) {
2089         case B43_PHYTYPE_A:
2090                 if ((rev >= 5) && (rev <= 10)) {
2091                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2092                                 filename = "a0g1initvals5";
2093                         else
2094                                 filename = "a0g0initvals5";
2095                 } else
2096                         goto err_no_initvals;
2097                 break;
2098         case B43_PHYTYPE_G:
2099                 if ((rev >= 5) && (rev <= 10))
2100                         filename = "b0g0initvals5";
2101                 else if (rev >= 13)
2102                         filename = "b0g0initvals13";
2103                 else
2104                         goto err_no_initvals;
2105                 break;
2106         case B43_PHYTYPE_N:
2107                 if ((rev >= 11) && (rev <= 12))
2108                         filename = "n0initvals11";
2109                 else
2110                         goto err_no_initvals;
2111                 break;
2112         default:
2113                 goto err_no_initvals;
2114         }
2115         err = do_request_fw(dev, filename, &fw->initvals, 0);
2116         if (err)
2117                 goto err_load;
2118
2119         /* Get bandswitch initvals */
2120         switch (dev->phy.type) {
2121         case B43_PHYTYPE_A:
2122                 if ((rev >= 5) && (rev <= 10)) {
2123                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2124                                 filename = "a0g1bsinitvals5";
2125                         else
2126                                 filename = "a0g0bsinitvals5";
2127                 } else if (rev >= 11)
2128                         filename = NULL;
2129                 else
2130                         goto err_no_initvals;
2131                 break;
2132         case B43_PHYTYPE_G:
2133                 if ((rev >= 5) && (rev <= 10))
2134                         filename = "b0g0bsinitvals5";
2135                 else if (rev >= 11)
2136                         filename = NULL;
2137                 else
2138                         goto err_no_initvals;
2139                 break;
2140         case B43_PHYTYPE_N:
2141                 if ((rev >= 11) && (rev <= 12))
2142                         filename = "n0bsinitvals11";
2143                 else
2144                         goto err_no_initvals;
2145                 break;
2146         default:
2147                 goto err_no_initvals;
2148         }
2149         err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2150         if (err)
2151                 goto err_load;
2152
2153         return 0;
2154
2155 err_load:
2156         b43_print_fw_helptext(dev->wl, 1);
2157         goto error;
2158
2159 err_no_ucode:
2160         err = -ENODEV;
2161         b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2162         goto error;
2163
2164 err_no_pcm:
2165         err = -ENODEV;
2166         b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2167         goto error;
2168
2169 err_no_initvals:
2170         err = -ENODEV;
2171         b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2172                "core rev %u\n", dev->phy.type, rev);
2173         goto error;
2174
2175 error:
2176         b43_release_firmware(dev);
2177         return err;
2178 }
2179
2180 static int b43_upload_microcode(struct b43_wldev *dev)
2181 {
2182         const size_t hdr_len = sizeof(struct b43_fw_header);
2183         const __be32 *data;
2184         unsigned int i, len;
2185         u16 fwrev, fwpatch, fwdate, fwtime;
2186         u32 tmp, macctl;
2187         int err = 0;
2188
2189         /* Jump the microcode PSM to offset 0 */
2190         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2191         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2192         macctl |= B43_MACCTL_PSM_JMP0;
2193         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2194         /* Zero out all microcode PSM registers and shared memory. */
2195         for (i = 0; i < 64; i++)
2196                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2197         for (i = 0; i < 4096; i += 2)
2198                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2199
2200         /* Upload Microcode. */
2201         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2202         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2203         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2204         for (i = 0; i < len; i++) {
2205                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2206                 udelay(10);
2207         }
2208
2209         if (dev->fw.pcm.data) {
2210                 /* Upload PCM data. */
2211                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2212                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2213                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2214                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2215                 /* No need for autoinc bit in SHM_HW */
2216                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2217                 for (i = 0; i < len; i++) {
2218                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2219                         udelay(10);
2220                 }
2221         }
2222
2223         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2224
2225         /* Start the microcode PSM */
2226         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2227         macctl &= ~B43_MACCTL_PSM_JMP0;
2228         macctl |= B43_MACCTL_PSM_RUN;
2229         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2230
2231         /* Wait for the microcode to load and respond */
2232         i = 0;
2233         while (1) {
2234                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2235                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2236                         break;
2237                 i++;
2238                 if (i >= 20) {
2239                         b43err(dev->wl, "Microcode not responding\n");
2240                         b43_print_fw_helptext(dev->wl, 1);
2241                         err = -ENODEV;
2242                         goto error;
2243                 }
2244                 msleep_interruptible(50);
2245                 if (signal_pending(current)) {
2246                         err = -EINTR;
2247                         goto error;
2248                 }
2249         }
2250         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2251
2252         /* Get and check the revisions. */
2253         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2254         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2255         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2256         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2257
2258         if (fwrev <= 0x128) {
2259                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2260                        "binary drivers older than version 4.x is unsupported. "
2261                        "You must upgrade your firmware files.\n");
2262                 b43_print_fw_helptext(dev->wl, 1);
2263                 err = -EOPNOTSUPP;
2264                 goto error;
2265         }
2266         dev->fw.rev = fwrev;
2267         dev->fw.patch = fwpatch;
2268         dev->fw.opensource = (fwdate == 0xFFFF);
2269
2270         if (dev->fw.opensource) {
2271                 /* Patchlevel info is encoded in the "time" field. */
2272                 dev->fw.patch = fwtime;
2273                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2274                         dev->fw.rev, dev->fw.patch,
2275                         dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2276         } else {
2277                 b43info(dev->wl, "Loading firmware version %u.%u "
2278                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2279                         fwrev, fwpatch,
2280                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2281                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2282                 if (dev->fw.pcm_request_failed) {
2283                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2284                                 "Hardware accelerated cryptography is disabled.\n");
2285                         b43_print_fw_helptext(dev->wl, 0);
2286                 }
2287         }
2288
2289         if (b43_is_old_txhdr_format(dev)) {
2290                 b43warn(dev->wl, "You are using an old firmware image. "
2291                         "Support for old firmware will be removed in July 2008.\n");
2292                 b43_print_fw_helptext(dev->wl, 0);
2293         }
2294
2295         return 0;
2296
2297 error:
2298         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2299         macctl &= ~B43_MACCTL_PSM_RUN;
2300         macctl |= B43_MACCTL_PSM_JMP0;
2301         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2302
2303         return err;
2304 }
2305
2306 static int b43_write_initvals(struct b43_wldev *dev,
2307                               const struct b43_iv *ivals,
2308                               size_t count,
2309                               size_t array_size)
2310 {
2311         const struct b43_iv *iv;
2312         u16 offset;
2313         size_t i;
2314         bool bit32;
2315
2316         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2317         iv = ivals;
2318         for (i = 0; i < count; i++) {
2319                 if (array_size < sizeof(iv->offset_size))
2320                         goto err_format;
2321                 array_size -= sizeof(iv->offset_size);
2322                 offset = be16_to_cpu(iv->offset_size);
2323                 bit32 = !!(offset & B43_IV_32BIT);
2324                 offset &= B43_IV_OFFSET_MASK;
2325                 if (offset >= 0x1000)
2326                         goto err_format;
2327                 if (bit32) {
2328                         u32 value;
2329
2330                         if (array_size < sizeof(iv->data.d32))
2331                                 goto err_format;
2332                         array_size -= sizeof(iv->data.d32);
2333
2334                         value = get_unaligned_be32(&iv->data.d32);
2335                         b43_write32(dev, offset, value);
2336
2337                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2338                                                         sizeof(__be16) +
2339                                                         sizeof(__be32));
2340                 } else {
2341                         u16 value;
2342
2343                         if (array_size < sizeof(iv->data.d16))
2344                                 goto err_format;
2345                         array_size -= sizeof(iv->data.d16);
2346
2347                         value = be16_to_cpu(iv->data.d16);
2348                         b43_write16(dev, offset, value);
2349
2350                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2351                                                         sizeof(__be16) +
2352                                                         sizeof(__be16));
2353                 }
2354         }
2355         if (array_size)
2356                 goto err_format;
2357
2358         return 0;
2359
2360 err_format:
2361         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2362         b43_print_fw_helptext(dev->wl, 1);
2363
2364         return -EPROTO;
2365 }
2366
2367 static int b43_upload_initvals(struct b43_wldev *dev)
2368 {
2369         const size_t hdr_len = sizeof(struct b43_fw_header);
2370         const struct b43_fw_header *hdr;
2371         struct b43_firmware *fw = &dev->fw;
2372         const struct b43_iv *ivals;
2373         size_t count;
2374         int err;
2375
2376         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2377         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2378         count = be32_to_cpu(hdr->size);
2379         err = b43_write_initvals(dev, ivals, count,
2380                                  fw->initvals.data->size - hdr_len);
2381         if (err)
2382                 goto out;
2383         if (fw->initvals_band.data) {
2384                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2385                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2386                 count = be32_to_cpu(hdr->size);
2387                 err = b43_write_initvals(dev, ivals, count,
2388                                          fw->initvals_band.data->size - hdr_len);
2389                 if (err)
2390                         goto out;
2391         }
2392 out:
2393
2394         return err;
2395 }
2396
2397 /* Initialize the GPIOs
2398  * http://bcm-specs.sipsolutions.net/GPIO
2399  */
2400 static int b43_gpio_init(struct b43_wldev *dev)
2401 {
2402         struct ssb_bus *bus = dev->dev->bus;
2403         struct ssb_device *gpiodev, *pcidev = NULL;
2404         u32 mask, set;
2405
2406         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2407                     & ~B43_MACCTL_GPOUTSMSK);
2408
2409         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2410                     | 0x000F);
2411
2412         mask = 0x0000001F;
2413         set = 0x0000000F;
2414         if (dev->dev->bus->chip_id == 0x4301) {
2415                 mask |= 0x0060;
2416                 set |= 0x0060;
2417         }
2418         if (0 /* FIXME: conditional unknown */ ) {
2419                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2420                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2421                             | 0x0100);
2422                 mask |= 0x0180;
2423                 set |= 0x0180;
2424         }
2425         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2426                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2427                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2428                             | 0x0200);
2429                 mask |= 0x0200;
2430                 set |= 0x0200;
2431         }
2432         if (dev->dev->id.revision >= 2)
2433                 mask |= 0x0010; /* FIXME: This is redundant. */
2434
2435 #ifdef CONFIG_SSB_DRIVER_PCICORE
2436         pcidev = bus->pcicore.dev;
2437 #endif
2438         gpiodev = bus->chipco.dev ? : pcidev;
2439         if (!gpiodev)
2440                 return 0;
2441         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2442                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2443                      & mask) | set);
2444
2445         return 0;
2446 }
2447
2448 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2449 static void b43_gpio_cleanup(struct b43_wldev *dev)
2450 {
2451         struct ssb_bus *bus = dev->dev->bus;
2452         struct ssb_device *gpiodev, *pcidev = NULL;
2453
2454 #ifdef CONFIG_SSB_DRIVER_PCICORE
2455         pcidev = bus->pcicore.dev;
2456 #endif
2457         gpiodev = bus->chipco.dev ? : pcidev;
2458         if (!gpiodev)
2459                 return;
2460         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2461 }
2462
2463 /* http://bcm-specs.sipsolutions.net/EnableMac */
2464 void b43_mac_enable(struct b43_wldev *dev)
2465 {
2466         dev->mac_suspended--;
2467         B43_WARN_ON(dev->mac_suspended < 0);
2468         if (dev->mac_suspended == 0) {
2469                 b43_write32(dev, B43_MMIO_MACCTL,
2470                             b43_read32(dev, B43_MMIO_MACCTL)
2471                             | B43_MACCTL_ENABLED);
2472                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2473                             B43_IRQ_MAC_SUSPENDED);
2474                 /* Commit writes */
2475                 b43_read32(dev, B43_MMIO_MACCTL);
2476                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2477                 b43_power_saving_ctl_bits(dev, 0);
2478         }
2479 }
2480
2481 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2482 void b43_mac_suspend(struct b43_wldev *dev)
2483 {
2484         int i;
2485         u32 tmp;
2486
2487         might_sleep();
2488         B43_WARN_ON(dev->mac_suspended < 0);
2489
2490         if (dev->mac_suspended == 0) {
2491                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2492                 b43_write32(dev, B43_MMIO_MACCTL,
2493                             b43_read32(dev, B43_MMIO_MACCTL)
2494                             & ~B43_MACCTL_ENABLED);
2495                 /* force pci to flush the write */
2496                 b43_read32(dev, B43_MMIO_MACCTL);
2497                 for (i = 35; i; i--) {
2498                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2499                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2500                                 goto out;
2501                         udelay(10);
2502                 }
2503                 /* Hm, it seems this will take some time. Use msleep(). */
2504                 for (i = 40; i; i--) {
2505                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2506                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2507                                 goto out;
2508                         msleep(1);
2509                 }
2510                 b43err(dev->wl, "MAC suspend failed\n");
2511         }
2512 out:
2513         dev->mac_suspended++;
2514 }
2515
2516 static void b43_adjust_opmode(struct b43_wldev *dev)
2517 {
2518         struct b43_wl *wl = dev->wl;
2519         u32 ctl;
2520         u16 cfp_pretbtt;
2521
2522         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2523         /* Reset status to STA infrastructure mode. */
2524         ctl &= ~B43_MACCTL_AP;
2525         ctl &= ~B43_MACCTL_KEEP_CTL;
2526         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2527         ctl &= ~B43_MACCTL_KEEP_BAD;
2528         ctl &= ~B43_MACCTL_PROMISC;
2529         ctl &= ~B43_MACCTL_BEACPROMISC;
2530         ctl |= B43_MACCTL_INFRA;
2531
2532         if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
2533             b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
2534                 ctl |= B43_MACCTL_AP;
2535         else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2536                 ctl &= ~B43_MACCTL_INFRA;
2537
2538         if (wl->filter_flags & FIF_CONTROL)
2539                 ctl |= B43_MACCTL_KEEP_CTL;
2540         if (wl->filter_flags & FIF_FCSFAIL)
2541                 ctl |= B43_MACCTL_KEEP_BAD;
2542         if (wl->filter_flags & FIF_PLCPFAIL)
2543                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2544         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2545                 ctl |= B43_MACCTL_PROMISC;
2546         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2547                 ctl |= B43_MACCTL_BEACPROMISC;
2548
2549         /* Workaround: On old hardware the HW-MAC-address-filter
2550          * doesn't work properly, so always run promisc in filter
2551          * it in software. */
2552         if (dev->dev->id.revision <= 4)
2553                 ctl |= B43_MACCTL_PROMISC;
2554
2555         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2556
2557         cfp_pretbtt = 2;
2558         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2559                 if (dev->dev->bus->chip_id == 0x4306 &&
2560                     dev->dev->bus->chip_rev == 3)
2561                         cfp_pretbtt = 100;
2562                 else
2563                         cfp_pretbtt = 50;
2564         }
2565         b43_write16(dev, 0x612, cfp_pretbtt);
2566 }
2567
2568 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2569 {
2570         u16 offset;
2571
2572         if (is_ofdm) {
2573                 offset = 0x480;
2574                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2575         } else {
2576                 offset = 0x4C0;
2577                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2578         }
2579         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2580                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2581 }
2582
2583 static void b43_rate_memory_init(struct b43_wldev *dev)
2584 {
2585         switch (dev->phy.type) {
2586         case B43_PHYTYPE_A:
2587         case B43_PHYTYPE_G:
2588         case B43_PHYTYPE_N:
2589                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2590                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2591                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2592                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2593                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2594                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2595                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2596                 if (dev->phy.type == B43_PHYTYPE_A)
2597                         break;
2598                 /* fallthrough */
2599         case B43_PHYTYPE_B:
2600                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2601                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2602                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2603                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2604                 break;
2605         default:
2606                 B43_WARN_ON(1);
2607         }
2608 }
2609
2610 /* Set the default values for the PHY TX Control Words. */
2611 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2612 {
2613         u16 ctl = 0;
2614
2615         ctl |= B43_TXH_PHY_ENC_CCK;
2616         ctl |= B43_TXH_PHY_ANT01AUTO;
2617         ctl |= B43_TXH_PHY_TXPWR;
2618
2619         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2620         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2621         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2622 }
2623
2624 /* Set the TX-Antenna for management frames sent by firmware. */
2625 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2626 {
2627         u16 ant;
2628         u16 tmp;
2629
2630         ant = b43_antenna_to_phyctl(antenna);
2631
2632         /* For ACK/CTS */
2633         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2634         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2635         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2636         /* For Probe Resposes */
2637         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2638         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2639         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2640 }
2641
2642 /* This is the opposite of b43_chip_init() */
2643 static void b43_chip_exit(struct b43_wldev *dev)
2644 {
2645         b43_radio_turn_off(dev, 1);
2646         b43_gpio_cleanup(dev);
2647         b43_lo_g_cleanup(dev);
2648         /* firmware is released later */
2649 }
2650
2651 /* Initialize the chip
2652  * http://bcm-specs.sipsolutions.net/ChipInit
2653  */
2654 static int b43_chip_init(struct b43_wldev *dev)
2655 {
2656         struct b43_phy *phy = &dev->phy;
2657         int err, tmp;
2658         u32 value32, macctl;
2659         u16 value16;
2660
2661         /* Initialize the MAC control */
2662         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2663         if (dev->phy.gmode)
2664                 macctl |= B43_MACCTL_GMODE;
2665         macctl |= B43_MACCTL_INFRA;
2666         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2667
2668         err = b43_request_firmware(dev);
2669         if (err)
2670                 goto out;
2671         err = b43_upload_microcode(dev);
2672         if (err)
2673                 goto out;       /* firmware is released later */
2674
2675         err = b43_gpio_init(dev);
2676         if (err)
2677                 goto out;       /* firmware is released later */
2678
2679         err = b43_upload_initvals(dev);
2680         if (err)
2681                 goto err_gpio_clean;
2682         b43_radio_turn_on(dev);
2683
2684         b43_write16(dev, 0x03E6, 0x0000);
2685         err = b43_phy_init(dev);
2686         if (err)
2687                 goto err_radio_off;
2688
2689         /* Select initial Interference Mitigation. */
2690         tmp = phy->interfmode;
2691         phy->interfmode = B43_INTERFMODE_NONE;
2692         b43_radio_set_interference_mitigation(dev, tmp);
2693
2694         b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2695         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2696
2697         if (phy->type == B43_PHYTYPE_B) {
2698                 value16 = b43_read16(dev, 0x005E);
2699                 value16 |= 0x0004;
2700                 b43_write16(dev, 0x005E, value16);
2701         }
2702         b43_write32(dev, 0x0100, 0x01000000);
2703         if (dev->dev->id.revision < 5)
2704                 b43_write32(dev, 0x010C, 0x01000000);
2705
2706         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2707                     & ~B43_MACCTL_INFRA);
2708         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2709                     | B43_MACCTL_INFRA);
2710
2711         /* Probe Response Timeout value */
2712         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2713         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2714
2715         /* Initially set the wireless operation mode. */
2716         b43_adjust_opmode(dev);
2717
2718         if (dev->dev->id.revision < 3) {
2719                 b43_write16(dev, 0x060E, 0x0000);
2720                 b43_write16(dev, 0x0610, 0x8000);
2721                 b43_write16(dev, 0x0604, 0x0000);
2722                 b43_write16(dev, 0x0606, 0x0200);
2723         } else {
2724                 b43_write32(dev, 0x0188, 0x80000000);
2725                 b43_write32(dev, 0x018C, 0x02000000);
2726         }
2727         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2728         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2729         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2730         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2731         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2732         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2733         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2734
2735         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2736         value32 |= 0x00100000;
2737         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2738
2739         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2740                     dev->dev->bus->chipco.fast_pwrup_delay);
2741
2742         err = 0;
2743         b43dbg(dev->wl, "Chip initialized\n");
2744 out:
2745         return err;
2746
2747 err_radio_off:
2748         b43_radio_turn_off(dev, 1);
2749 err_gpio_clean:
2750         b43_gpio_cleanup(dev);
2751         return err;
2752 }
2753
2754 static void b43_periodic_every60sec(struct b43_wldev *dev)
2755 {
2756         struct b43_phy *phy = &dev->phy;
2757
2758         if (phy->type != B43_PHYTYPE_G)
2759                 return;
2760         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2761                 b43_mac_suspend(dev);
2762                 b43_calc_nrssi_slope(dev);
2763                 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2764                         u8 old_chan = phy->channel;
2765
2766                         /* VCO Calibration */
2767                         if (old_chan >= 8)
2768                                 b43_radio_selectchannel(dev, 1, 0);
2769                         else
2770                                 b43_radio_selectchannel(dev, 13, 0);
2771                         b43_radio_selectchannel(dev, old_chan, 0);
2772                 }
2773                 b43_mac_enable(dev);
2774         }
2775 }
2776
2777 static void b43_periodic_every30sec(struct b43_wldev *dev)
2778 {
2779         /* Update device statistics. */
2780         b43_calculate_link_quality(dev);
2781 }
2782
2783 static void b43_periodic_every15sec(struct b43_wldev *dev)
2784 {
2785         struct b43_phy *phy = &dev->phy;
2786
2787         if (phy->type == B43_PHYTYPE_G) {
2788                 //TODO: update_aci_moving_average
2789                 if (phy->aci_enable && phy->aci_wlan_automatic) {
2790                         b43_mac_suspend(dev);
2791                         if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2792                                 if (0 /*TODO: bunch of conditions */ ) {
2793                                         b43_radio_set_interference_mitigation
2794                                             (dev, B43_INTERFMODE_MANUALWLAN);
2795                                 }
2796                         } else if (1 /*TODO*/) {
2797                                 /*
2798                                    if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2799                                    b43_radio_set_interference_mitigation(dev,
2800                                    B43_INTERFMODE_NONE);
2801                                    }
2802                                  */
2803                         }
2804                         b43_mac_enable(dev);
2805                 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2806                            phy->rev == 1) {
2807                         //TODO: implement rev1 workaround
2808                 }
2809         }
2810         b43_phy_xmitpower(dev); //FIXME: unless scanning?
2811         b43_lo_g_maintanance_work(dev);
2812         //TODO for APHY (temperature?)
2813
2814         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2815         wmb();
2816 }
2817
2818 static void do_periodic_work(struct b43_wldev *dev)
2819 {
2820         unsigned int state;
2821
2822         state = dev->periodic_state;
2823         if (state % 4 == 0)
2824                 b43_periodic_every60sec(dev);
2825         if (state % 2 == 0)
2826                 b43_periodic_every30sec(dev);
2827         b43_periodic_every15sec(dev);
2828 }
2829
2830 /* Periodic work locking policy:
2831  *      The whole periodic work handler is protected by
2832  *      wl->mutex. If another lock is needed somewhere in the
2833  *      pwork callchain, it's aquired in-place, where it's needed.
2834  */
2835 static void b43_periodic_work_handler(struct work_struct *work)
2836 {
2837         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2838                                              periodic_work.work);
2839         struct b43_wl *wl = dev->wl;
2840         unsigned long delay;
2841
2842         mutex_lock(&wl->mutex);
2843
2844         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2845                 goto out;
2846         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2847                 goto out_requeue;
2848
2849         do_periodic_work(dev);
2850
2851         dev->periodic_state++;
2852 out_requeue:
2853         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2854                 delay = msecs_to_jiffies(50);
2855         else
2856                 delay = round_jiffies_relative(HZ * 15);
2857         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2858 out:
2859         mutex_unlock(&wl->mutex);
2860 }
2861
2862 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2863 {
2864         struct delayed_work *work = &dev->periodic_work;
2865
2866         dev->periodic_state = 0;
2867         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2868         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2869 }
2870
2871 /* Check if communication with the device works correctly. */
2872 static int b43_validate_chipaccess(struct b43_wldev *dev)
2873 {
2874         u32 v, backup;
2875
2876         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2877
2878         /* Check for read/write and endianness problems. */
2879         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2880         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2881                 goto error;
2882         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2883         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2884                 goto error;
2885
2886         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2887
2888         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2889                 /* The 32bit register shadows the two 16bit registers
2890                  * with update sideeffects. Validate this. */
2891                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2892                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2893                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2894                         goto error;
2895                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2896                         goto error;
2897         }
2898         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2899
2900         v = b43_read32(dev, B43_MMIO_MACCTL);
2901         v |= B43_MACCTL_GMODE;
2902         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2903                 goto error;
2904
2905         return 0;
2906 error:
2907         b43err(dev->wl, "Failed to validate the chipaccess\n");
2908         return -ENODEV;
2909 }
2910
2911 static void b43_security_init(struct b43_wldev *dev)
2912 {
2913         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2914         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2915         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2916         /* KTP is a word address, but we address SHM bytewise.
2917          * So multiply by two.
2918          */
2919         dev->ktp *= 2;
2920         if (dev->dev->id.revision >= 5) {
2921                 /* Number of RCMTA address slots */
2922                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2923         }
2924         b43_clear_keys(dev);
2925 }
2926
2927 static int b43_rng_read(struct hwrng *rng, u32 * data)
2928 {
2929         struct b43_wl *wl = (struct b43_wl *)rng->priv;
2930         unsigned long flags;
2931
2932         /* Don't take wl->mutex here, as it could deadlock with
2933          * hwrng internal locking. It's not needed to take
2934          * wl->mutex here, anyway. */
2935
2936         spin_lock_irqsave(&wl->irq_lock, flags);
2937         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2938         spin_unlock_irqrestore(&wl->irq_lock, flags);
2939
2940         return (sizeof(u16));
2941 }
2942
2943 static void b43_rng_exit(struct b43_wl *wl)
2944 {
2945         if (wl->rng_initialized)
2946                 hwrng_unregister(&wl->rng);
2947 }
2948
2949 static int b43_rng_init(struct b43_wl *wl)
2950 {
2951         int err;
2952
2953         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2954                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2955         wl->rng.name = wl->rng_name;
2956         wl->rng.data_read = b43_rng_read;
2957         wl->rng.priv = (unsigned long)wl;
2958         wl->rng_initialized = 1;
2959         err = hwrng_register(&wl->rng);
2960         if (err) {
2961                 wl->rng_initialized = 0;
2962                 b43err(wl, "Failed to register the random "
2963                        "number generator (%d)\n", err);
2964         }
2965
2966         return err;
2967 }
2968
2969 static int b43_op_tx(struct ieee80211_hw *hw,
2970                      struct sk_buff *skb)
2971 {
2972         struct b43_wl *wl = hw_to_b43_wl(hw);
2973         struct b43_wldev *dev = wl->current_dev;
2974         unsigned long flags;
2975         int err;
2976
2977         if (unlikely(skb->len < 2 + 2 + 6)) {
2978                 /* Too short, this can't be a valid frame. */
2979                 goto drop_packet;
2980         }
2981         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2982         if (unlikely(!dev))
2983                 goto drop_packet;
2984
2985         /* Transmissions on seperate queues can run concurrently. */
2986         read_lock_irqsave(&wl->tx_lock, flags);
2987
2988         err = -ENODEV;
2989         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2990                 if (b43_using_pio_transfers(dev))
2991                         err = b43_pio_tx(dev, skb);
2992                 else
2993                         err = b43_dma_tx(dev, skb);
2994         }
2995
2996         read_unlock_irqrestore(&wl->tx_lock, flags);
2997
2998         if (unlikely(err))
2999                 goto drop_packet;
3000         return NETDEV_TX_OK;
3001
3002 drop_packet:
3003         /* We can not transmit this packet. Drop it. */
3004         dev_kfree_skb_any(skb);
3005         return NETDEV_TX_OK;
3006 }
3007
3008 /* Locking: wl->irq_lock */
3009 static void b43_qos_params_upload(struct b43_wldev *dev,
3010                                   const struct ieee80211_tx_queue_params *p,
3011                                   u16 shm_offset)
3012 {
3013         u16 params[B43_NR_QOSPARAMS];
3014         int cw_min, cw_max, aifs, bslots, tmp;
3015         unsigned int i;
3016
3017         const u16 aCWmin = 0x0001;
3018         const u16 aCWmax = 0x03FF;
3019
3020         /* Calculate the default values for the parameters, if needed. */
3021         switch (shm_offset) {
3022         case B43_QOS_VOICE:
3023                 aifs = (p->aifs == -1) ? 2 : p->aifs;
3024                 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 4 - 1) : p->cw_min;
3025                 cw_max = (p->cw_max == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_max;
3026                 break;
3027         case B43_QOS_VIDEO:
3028                 aifs = (p->aifs == -1) ? 2 : p->aifs;
3029                 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_min;
3030                 cw_max = (p->cw_max == 0) ? aCWmin : p->cw_max;
3031                 break;
3032         case B43_QOS_BESTEFFORT:
3033                 aifs = (p->aifs == -1) ? 3 : p->aifs;
3034                 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
3035                 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
3036                 break;
3037         case B43_QOS_BACKGROUND:
3038                 aifs = (p->aifs == -1) ? 7 : p->aifs;
3039                 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
3040                 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
3041                 break;
3042         default:
3043                 B43_WARN_ON(1);
3044                 return;
3045         }
3046         if (cw_min <= 0)
3047                 cw_min = aCWmin;
3048         if (cw_max <= 0)
3049                 cw_max = aCWmin;
3050         bslots = b43_read16(dev, B43_MMIO_RNG) % cw_min;
3051
3052         memset(&params, 0, sizeof(params));
3053
3054         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3055         params[B43_QOSPARAM_CWMIN] = cw_min;
3056         params[B43_QOSPARAM_CWMAX] = cw_max;
3057         params[B43_QOSPARAM_CWCUR] = cw_min;
3058         params[B43_QOSPARAM_AIFS] = aifs;
3059         params[B43_QOSPARAM_BSLOTS] = bslots;
3060         params[B43_QOSPARAM_REGGAP] = bslots + aifs;
3061
3062         for (i = 0; i < ARRAY_SIZE(params); i++) {
3063                 if (i == B43_QOSPARAM_STATUS) {
3064                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3065                                              shm_offset + (i * 2));
3066                         /* Mark the parameters as updated. */
3067                         tmp |= 0x100;
3068                         b43_shm_write16(dev, B43_SHM_SHARED,
3069                                         shm_offset + (i * 2),
3070                                         tmp);
3071                 } else {
3072                         b43_shm_write16(dev, B43_SHM_SHARED,
3073                                         shm_offset + (i * 2),
3074                                         params[i]);
3075                 }
3076         }
3077 }
3078
3079 /* Update the QOS parameters in hardware. */
3080 static void b43_qos_update(struct b43_wldev *dev)
3081 {
3082         struct b43_wl *wl = dev->wl;
3083         struct b43_qos_params *params;
3084         unsigned long flags;
3085         unsigned int i;
3086
3087         /* Mapping of mac80211 queues to b43 SHM offsets. */
3088         static const u16 qos_shm_offsets[] = {
3089                 [0] = B43_QOS_VOICE,
3090                 [1] = B43_QOS_VIDEO,
3091                 [2] = B43_QOS_BESTEFFORT,
3092                 [3] = B43_QOS_BACKGROUND,
3093         };
3094         BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
3095
3096         b43_mac_suspend(dev);
3097         spin_lock_irqsave(&wl->irq_lock, flags);
3098
3099         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3100                 params = &(wl->qos_params[i]);
3101                 if (params->need_hw_update) {
3102                         b43_qos_params_upload(dev, &(params->p),
3103                                               qos_shm_offsets[i]);
3104                         params->need_hw_update = 0;
3105                 }
3106         }
3107
3108         spin_unlock_irqrestore(&wl->irq_lock, flags);
3109         b43_mac_enable(dev);
3110 }
3111
3112 static void b43_qos_clear(struct b43_wl *wl)
3113 {
3114         struct b43_qos_params *params;
3115         unsigned int i;
3116
3117         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3118                 params = &(wl->qos_params[i]);
3119
3120                 memset(&(params->p), 0, sizeof(params->p));
3121                 params->p.aifs = -1;
3122                 params->need_hw_update = 1;
3123         }
3124 }
3125
3126 /* Initialize the core's QOS capabilities */
3127 static void b43_qos_init(struct b43_wldev *dev)
3128 {
3129         struct b43_wl *wl = dev->wl;
3130         unsigned int i;
3131
3132         /* Upload the current QOS parameters. */
3133         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
3134                 wl->qos_params[i].need_hw_update = 1;
3135         b43_qos_update(dev);
3136
3137         /* Enable QOS support. */
3138         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3139         b43_write16(dev, B43_MMIO_IFSCTL,
3140                     b43_read16(dev, B43_MMIO_IFSCTL)
3141                     | B43_MMIO_IFSCTL_USE_EDCF);
3142 }
3143
3144 static void b43_qos_update_work(struct work_struct *work)
3145 {
3146         struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
3147         struct b43_wldev *dev;
3148
3149         mutex_lock(&wl->mutex);
3150         dev = wl->current_dev;
3151         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
3152                 b43_qos_update(dev);
3153         mutex_unlock(&wl->mutex);
3154 }
3155
3156 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3157                           const struct ieee80211_tx_queue_params *params)
3158 {
3159         struct b43_wl *wl = hw_to_b43_wl(hw);
3160         unsigned long flags;
3161         unsigned int queue = (unsigned int)_queue;
3162         struct b43_qos_params *p;
3163
3164         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3165                 /* Queue not available or don't support setting
3166                  * params on this queue. Return success to not
3167                  * confuse mac80211. */
3168                 return 0;
3169         }
3170
3171         spin_lock_irqsave(&wl->irq_lock, flags);
3172         p = &(wl->qos_params[queue]);
3173         memcpy(&(p->p), params, sizeof(p->p));
3174         p->need_hw_update = 1;
3175         spin_unlock_irqrestore(&wl->irq_lock, flags);
3176
3177         queue_work(hw->workqueue, &wl->qos_update_work);
3178
3179         return 0;
3180 }
3181
3182 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3183                                struct ieee80211_tx_queue_stats *stats)
3184 {
3185         struct b43_wl *wl = hw_to_b43_wl(hw);
3186         struct b43_wldev *dev = wl->current_dev;
3187         unsigned long flags;
3188         int err = -ENODEV;
3189
3190         if (!dev)
3191                 goto out;
3192         spin_lock_irqsave(&wl->irq_lock, flags);
3193         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3194                 if (b43_using_pio_transfers(dev))
3195                         b43_pio_get_tx_stats(dev, stats);
3196                 else
3197                         b43_dma_get_tx_stats(dev, stats);
3198                 err = 0;
3199         }
3200         spin_unlock_irqrestore(&wl->irq_lock, flags);
3201 out:
3202         return err;
3203 }
3204
3205 static int b43_op_get_stats(struct ieee80211_hw *hw,
3206                             struct ieee80211_low_level_stats *stats)
3207 {
3208         struct b43_wl *wl = hw_to_b43_wl(hw);
3209         unsigned long flags;
3210
3211         spin_lock_irqsave(&wl->irq_lock, flags);
3212         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3213         spin_unlock_irqrestore(&wl->irq_lock, flags);
3214
3215         return 0;
3216 }
3217
3218 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3219 {
3220         struct ssb_device *sdev = dev->dev;
3221         u32 tmslow;
3222
3223         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3224         tmslow &= ~B43_TMSLOW_GMODE;
3225         tmslow |= B43_TMSLOW_PHYRESET;
3226         tmslow |= SSB_TMSLOW_FGC;
3227         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3228         msleep(1);
3229
3230         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3231         tmslow &= ~SSB_TMSLOW_FGC;
3232         tmslow |= B43_TMSLOW_PHYRESET;
3233         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3234         msleep(1);
3235 }
3236
3237 static const char * band_to_string(enum ieee80211_band band)
3238 {
3239         switch (band) {
3240         case IEEE80211_BAND_5GHZ:
3241                 return "5";
3242         case IEEE80211_BAND_2GHZ:
3243                 return "2.4";
3244         default:
3245                 break;
3246         }
3247         B43_WARN_ON(1);
3248         return "";
3249 }
3250
3251 /* Expects wl->mutex locked */
3252 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3253 {
3254         struct b43_wldev *up_dev = NULL;
3255         struct b43_wldev *down_dev;
3256         struct b43_wldev *d;
3257         int err;
3258         bool gmode;
3259         int prev_status;
3260
3261         /* Find a device and PHY which supports the band. */
3262         list_for_each_entry(d, &wl->devlist, list) {
3263                 switch (chan->band) {
3264                 case IEEE80211_BAND_5GHZ:
3265                         if (d->phy.supports_5ghz) {
3266                                 up_dev = d;
3267                                 gmode = 0;
3268                         }
3269                         break;
3270                 case IEEE80211_BAND_2GHZ:
3271                         if (d->phy.supports_2ghz) {
3272                                 up_dev = d;
3273                                 gmode = 1;
3274                         }
3275                         break;
3276                 default:
3277                         B43_WARN_ON(1);
3278                         return -EINVAL;
3279                 }
3280                 if (up_dev)
3281                         break;
3282         }
3283         if (!up_dev) {
3284                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3285                        band_to_string(chan->band));
3286                 return -ENODEV;
3287         }
3288         if ((up_dev == wl->current_dev) &&
3289             (!!wl->current_dev->phy.gmode == !!gmode)) {
3290                 /* This device is already running. */
3291                 return 0;
3292         }
3293         b43dbg(wl, "Switching to %s-GHz band\n",
3294                band_to_string(chan->band));
3295         down_dev = wl->current_dev;
3296
3297         prev_status = b43_status(down_dev);
3298         /* Shutdown the currently running core. */
3299         if (prev_status >= B43_STAT_STARTED)
3300                 b43_wireless_core_stop(down_dev);
3301         if (prev_status >= B43_STAT_INITIALIZED)
3302                 b43_wireless_core_exit(down_dev);
3303
3304         if (down_dev != up_dev) {
3305                 /* We switch to a different core, so we put PHY into
3306                  * RESET on the old core. */
3307                 b43_put_phy_into_reset(down_dev);
3308         }
3309
3310         /* Now start the new core. */
3311         up_dev->phy.gmode = gmode;
3312         if (prev_status >= B43_STAT_INITIALIZED) {
3313                 err = b43_wireless_core_init(up_dev);
3314                 if (err) {
3315                         b43err(wl, "Fatal: Could not initialize device for "
3316                                "selected %s-GHz band\n",
3317                                band_to_string(chan->band));
3318                         goto init_failure;
3319                 }
3320         }
3321         if (prev_status >= B43_STAT_STARTED) {
3322                 err = b43_wireless_core_start(up_dev);
3323                 if (err) {
3324                         b43err(wl, "Fatal: Coult not start device for "
3325                                "selected %s-GHz band\n",
3326                                band_to_string(chan->band));
3327                         b43_wireless_core_exit(up_dev);
3328                         goto init_failure;
3329                 }
3330         }
3331         B43_WARN_ON(b43_status(up_dev) != prev_status);
3332
3333         wl->current_dev = up_dev;
3334
3335         return 0;
3336 init_failure:
3337         /* Whoops, failed to init the new core. No core is operating now. */
3338         wl->current_dev = NULL;
3339         return err;
3340 }
3341
3342 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3343 {
3344         struct b43_wl *wl = hw_to_b43_wl(hw);
3345         struct b43_wldev *dev;
3346         struct b43_phy *phy;
3347         unsigned long flags;
3348         int antenna;
3349         int err = 0;
3350         u32 savedirqs;
3351
3352         mutex_lock(&wl->mutex);
3353
3354         /* Switch the band (if necessary). This might change the active core. */
3355         err = b43_switch_band(wl, conf->channel);
3356         if (err)
3357                 goto out_unlock_mutex;
3358         dev = wl->current_dev;
3359         phy = &dev->phy;
3360
3361         /* Disable IRQs while reconfiguring the device.
3362          * This makes it possible to drop the spinlock throughout
3363          * the reconfiguration process. */
3364         spin_lock_irqsave(&wl->irq_lock, flags);
3365         if (b43_status(dev) < B43_STAT_STARTED) {
3366                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3367                 goto out_unlock_mutex;
3368         }
3369         savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3370         spin_unlock_irqrestore(&wl->irq_lock, flags);
3371         b43_synchronize_irq(dev);
3372
3373         /* Switch to the requested channel.
3374          * The firmware takes care of races with the TX handler. */
3375         if (conf->channel->hw_value != phy->channel)
3376                 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3377
3378         /* Enable/Disable ShortSlot timing. */
3379         if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3380             dev->short_slot) {
3381                 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3382                 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3383                         b43_short_slot_timing_enable(dev);
3384                 else
3385                         b43_short_slot_timing_disable(dev);
3386         }
3387
3388         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3389
3390         /* Adjust the desired TX power level. */
3391         if (conf->power_level != 0) {
3392                 if (conf->power_level != phy->power_level) {
3393                         phy->power_level = conf->power_level;
3394                         b43_phy_xmitpower(dev);
3395                 }
3396         }
3397
3398         /* Antennas for RX and management frame TX. */
3399         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3400         b43_mgmtframe_txantenna(dev, antenna);
3401         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3402         b43_set_rx_antenna(dev, antenna);
3403
3404         /* Update templates for AP/mesh mode. */
3405         if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3406             b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
3407                 b43_set_beacon_int(dev, conf->beacon_int);
3408
3409         if (!!conf->radio_enabled != phy->radio_on) {
3410                 if (conf->radio_enabled) {
3411                         b43_radio_turn_on(dev);
3412                         b43info(dev->wl, "Radio turned on by software\n");
3413                         if (!dev->radio_hw_enable) {
3414                                 b43info(dev->wl, "The hardware RF-kill button "
3415                                         "still turns the radio physically off. "
3416                                         "Press the button to turn it on.\n");
3417                         }
3418                 } else {
3419                         b43_radio_turn_off(dev, 0);
3420                         b43info(dev->wl, "Radio turned off by software\n");
3421                 }
3422         }
3423
3424         spin_lock_irqsave(&wl->irq_lock, flags);
3425         b43_interrupt_enable(dev, savedirqs);
3426         mmiowb();
3427         spin_unlock_irqrestore(&wl->irq_lock, flags);
3428       out_unlock_mutex:
3429         mutex_unlock(&wl->mutex);
3430
3431         return err;
3432 }
3433
3434 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3435                            const u8 *local_addr, const u8 *addr,
3436                            struct ieee80211_key_conf *key)
3437 {
3438         struct b43_wl *wl = hw_to_b43_wl(hw);
3439         struct b43_wldev *dev;
3440         unsigned long flags;
3441         u8 algorithm;
3442         u8 index;
3443         int err;
3444         DECLARE_MAC_BUF(mac);
3445
3446         if (modparam_nohwcrypt)
3447                 return -ENOSPC; /* User disabled HW-crypto */
3448
3449         mutex_lock(&wl->mutex);
3450         spin_lock_irqsave(&wl->irq_lock, flags);
3451
3452         dev = wl->current_dev;
3453         err = -ENODEV;
3454         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3455                 goto out_unlock;
3456
3457         if (dev->fw.pcm_request_failed) {
3458                 /* We don't have firmware for the crypto engine.
3459                  * Must use software-crypto. */
3460                 err = -EOPNOTSUPP;
3461                 goto out_unlock;
3462         }
3463
3464         err = -EINVAL;
3465         switch (key->alg) {
3466         case ALG_WEP:
3467                 if (key->keylen == 5)
3468                         algorithm = B43_SEC_ALGO_WEP40;
3469                 else
3470                         algorithm = B43_SEC_ALGO_WEP104;
3471                 break;
3472         case ALG_TKIP:
3473                 algorithm = B43_SEC_ALGO_TKIP;
3474                 break;
3475         case ALG_CCMP:
3476                 algorithm = B43_SEC_ALGO_AES;
3477                 break;
3478         default:
3479                 B43_WARN_ON(1);
3480                 goto out_unlock;
3481         }
3482         index = (u8) (key->keyidx);
3483         if (index > 3)
3484                 goto out_unlock;
3485
3486         switch (cmd) {
3487         case SET_KEY:
3488                 if (algorithm == B43_SEC_ALGO_TKIP) {
3489                         /* FIXME: No TKIP hardware encryption for now. */
3490                         err = -EOPNOTSUPP;
3491                         goto out_unlock;
3492                 }
3493
3494                 if (is_broadcast_ether_addr(addr)) {
3495                         /* addr is FF:FF:FF:FF:FF:FF for default keys */
3496                         err = b43_key_write(dev, index, algorithm,
3497                                             key->key, key->keylen, NULL, key);
3498                 } else {
3499                         /*
3500                          * either pairwise key or address is 00:00:00:00:00:00
3501                          * for transmit-only keys
3502                          */
3503                         err = b43_key_write(dev, -1, algorithm,
3504                                             key->key, key->keylen, addr, key);
3505                 }
3506                 if (err)
3507                         goto out_unlock;
3508
3509                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3510                     algorithm == B43_SEC_ALGO_WEP104) {
3511                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3512                 } else {
3513                         b43_hf_write(dev,
3514                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3515                 }
3516                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3517                 break;
3518         case DISABLE_KEY: {
3519                 err = b43_key_clear(dev, key->hw_key_idx);
3520                 if (err)
3521                         goto out_unlock;
3522                 break;
3523         }
3524         default:
3525                 B43_WARN_ON(1);
3526         }
3527 out_unlock:
3528         spin_unlock_irqrestore(&wl->irq_lock, flags);
3529         mutex_unlock(&wl->mutex);
3530         if (!err) {
3531                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3532                        "mac: %s\n",
3533                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3534                        print_mac(mac, addr));
3535         }
3536         return err;
3537 }
3538
3539 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3540                                     unsigned int changed, unsigned int *fflags,
3541                                     int mc_count, struct dev_addr_list *mc_list)
3542 {
3543         struct b43_wl *wl = hw_to_b43_wl(hw);
3544         struct b43_wldev *dev = wl->current_dev;
3545         unsigned long flags;
3546
3547         if (!dev) {
3548                 *fflags = 0;
3549                 return;
3550         }
3551
3552         spin_lock_irqsave(&wl->irq_lock, flags);
3553         *fflags &= FIF_PROMISC_IN_BSS |
3554                   FIF_ALLMULTI |
3555                   FIF_FCSFAIL |
3556                   FIF_PLCPFAIL |
3557                   FIF_CONTROL |
3558                   FIF_OTHER_BSS |
3559                   FIF_BCN_PRBRESP_PROMISC;
3560
3561         changed &= FIF_PROMISC_IN_BSS |
3562                    FIF_ALLMULTI |
3563                    FIF_FCSFAIL |
3564                    FIF_PLCPFAIL |
3565                    FIF_CONTROL |
3566                    FIF_OTHER_BSS |
3567                    FIF_BCN_PRBRESP_PROMISC;
3568
3569         wl->filter_flags = *fflags;
3570
3571         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3572                 b43_adjust_opmode(dev);
3573         spin_unlock_irqrestore(&wl->irq_lock, flags);
3574 }
3575
3576 static int b43_op_config_interface(struct ieee80211_hw *hw,
3577                                    struct ieee80211_vif *vif,
3578                                    struct ieee80211_if_conf *conf)
3579 {
3580         struct b43_wl *wl = hw_to_b43_wl(hw);
3581         struct b43_wldev *dev = wl->current_dev;
3582         unsigned long flags;
3583
3584         if (!dev)
3585                 return -ENODEV;
3586         mutex_lock(&wl->mutex);
3587         spin_lock_irqsave(&wl->irq_lock, flags);
3588         B43_WARN_ON(wl->vif != vif);
3589         if (conf->bssid)
3590                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3591         else
3592                 memset(wl->bssid, 0, ETH_ALEN);
3593         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3594                 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3595                     b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT)) {
3596                         B43_WARN_ON(conf->type != wl->if_type);
3597                         b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3598                         if (conf->beacon)
3599                                 b43_update_templates(wl, conf->beacon);
3600                 }
3601                 b43_write_mac_bssid_templates(dev);
3602         }
3603         spin_unlock_irqrestore(&wl->irq_lock, flags);
3604         mutex_unlock(&wl->mutex);
3605
3606         return 0;
3607 }
3608
3609 /* Locking: wl->mutex */
3610 static void b43_wireless_core_stop(struct b43_wldev *dev)
3611 {
3612         struct b43_wl *wl = dev->wl;
3613         unsigned long flags;
3614
3615         if (b43_status(dev) < B43_STAT_STARTED)
3616                 return;
3617
3618         /* Disable and sync interrupts. We must do this before than
3619          * setting the status to INITIALIZED, as the interrupt handler
3620          * won't care about IRQs then. */
3621         spin_lock_irqsave(&wl->irq_lock, flags);
3622         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3623         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3624         spin_unlock_irqrestore(&wl->irq_lock, flags);
3625         b43_synchronize_irq(dev);
3626
3627         write_lock_irqsave(&wl->tx_lock, flags);
3628         b43_set_status(dev, B43_STAT_INITIALIZED);
3629         write_unlock_irqrestore(&wl->tx_lock, flags);
3630
3631         b43_pio_stop(dev);
3632         mutex_unlock(&wl->mutex);
3633         /* Must unlock as it would otherwise deadlock. No races here.
3634          * Cancel the possibly running self-rearming periodic work. */
3635         cancel_delayed_work_sync(&dev->periodic_work);
3636         mutex_lock(&wl->mutex);
3637
3638         b43_mac_suspend(dev);
3639         free_irq(dev->dev->irq, dev);
3640         b43dbg(wl, "Wireless interface stopped\n");
3641 }
3642
3643 /* Locking: wl->mutex */
3644 static int b43_wireless_core_start(struct b43_wldev *dev)
3645 {
3646         int err;
3647
3648         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3649
3650         drain_txstatus_queue(dev);
3651         err = request_irq(dev->dev->irq, b43_interrupt_handler,
3652                           IRQF_SHARED, KBUILD_MODNAME, dev);
3653         if (err) {
3654                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3655                 goto out;
3656         }
3657
3658         /* We are ready to run. */
3659         b43_set_status(dev, B43_STAT_STARTED);
3660
3661         /* Start data flow (TX/RX). */
3662         b43_mac_enable(dev);
3663         b43_interrupt_enable(dev, dev->irq_savedstate);
3664
3665         /* Start maintainance work */
3666         b43_periodic_tasks_setup(dev);
3667
3668         b43dbg(dev->wl, "Wireless interface started\n");
3669       out:
3670         return err;
3671 }
3672
3673 /* Get PHY and RADIO versioning numbers */
3674 static int b43_phy_versioning(struct b43_wldev *dev)
3675 {
3676         struct b43_phy *phy = &dev->phy;
3677         u32 tmp;
3678         u8 analog_type;
3679         u8 phy_type;
3680         u8 phy_rev;
3681         u16 radio_manuf;
3682         u16 radio_ver;
3683         u16 radio_rev;
3684         int unsupported = 0;
3685
3686         /* Get PHY versioning */
3687         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3688         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3689         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3690         phy_rev = (tmp & B43_PHYVER_VERSION);
3691         switch (phy_type) {
3692         case B43_PHYTYPE_A:
3693                 if (phy_rev >= 4)
3694                         unsupported = 1;
3695                 break;
3696         case B43_PHYTYPE_B:
3697                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3698                     && phy_rev != 7)
3699                         unsupported = 1;
3700                 break;
3701         case B43_PHYTYPE_G:
3702                 if (phy_rev > 9)
3703                         unsupported = 1;
3704                 break;
3705 #ifdef CONFIG_B43_NPHY
3706         case B43_PHYTYPE_N:
3707                 if (phy_rev > 1)
3708                         unsupported = 1;
3709                 break;
3710 #endif
3711         default:
3712                 unsupported = 1;
3713         };
3714         if (unsupported) {
3715                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3716                        "(Analog %u, Type %u, Revision %u)\n",
3717                        analog_type, phy_type, phy_rev);
3718                 return -EOPNOTSUPP;
3719         }
3720         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3721                analog_type, phy_type, phy_rev);
3722
3723         /* Get RADIO versioning */
3724         if (dev->dev->bus->chip_id == 0x4317) {
3725                 if (dev->dev->bus->chip_rev == 0)
3726                         tmp = 0x3205017F;
3727                 else if (dev->dev->bus->chip_rev == 1)
3728                         tmp = 0x4205017F;
3729                 else
3730                         tmp = 0x5205017F;
3731         } else {
3732                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3733                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3734                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3735                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3736         }
3737         radio_manuf = (tmp & 0x00000FFF);
3738         radio_ver = (tmp & 0x0FFFF000) >> 12;
3739         radio_rev = (tmp & 0xF0000000) >> 28;
3740         if (radio_manuf != 0x17F /* Broadcom */)
3741                 unsupported = 1;
3742         switch (phy_type) {
3743         case B43_PHYTYPE_A:
3744                 if (radio_ver != 0x2060)
3745                         unsupported = 1;
3746                 if (radio_rev != 1)
3747                         unsupported = 1;
3748                 if (radio_manuf != 0x17F)
3749                         unsupported = 1;
3750                 break;
3751         case B43_PHYTYPE_B:
3752                 if ((radio_ver & 0xFFF0) != 0x2050)
3753                         unsupported = 1;
3754                 break;
3755         case B43_PHYTYPE_G:
3756                 if (radio_ver != 0x2050)
3757                         unsupported = 1;
3758                 break;
3759         case B43_PHYTYPE_N:
3760                 if (radio_ver != 0x2055)
3761                         unsupported = 1;
3762                 break;
3763         default:
3764                 B43_WARN_ON(1);
3765         }
3766         if (unsupported) {
3767                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3768                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3769                        radio_manuf, radio_ver, radio_rev);
3770                 return -EOPNOTSUPP;
3771         }
3772         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3773                radio_manuf, radio_ver, radio_rev);
3774
3775         phy->radio_manuf = radio_manuf;
3776         phy->radio_ver = radio_ver;
3777         phy->radio_rev = radio_rev;
3778
3779         phy->analog = analog_type;
3780         phy->type = phy_type;
3781         phy->rev = phy_rev;
3782
3783         return 0;
3784 }
3785
3786 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3787                                       struct b43_phy *phy)
3788 {
3789         struct b43_txpower_lo_control *lo;
3790         int i;
3791
3792         memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3793         memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3794
3795         phy->aci_enable = 0;
3796         phy->aci_wlan_automatic = 0;
3797         phy->aci_hw_rssi = 0;
3798
3799         phy->radio_off_context.valid = 0;
3800
3801         lo = phy->lo_control;
3802         if (lo) {
3803                 memset(lo, 0, sizeof(*(phy->lo_control)));
3804                 lo->tx_bias = 0xFF;
3805                 INIT_LIST_HEAD(&lo->calib_list);
3806         }
3807         phy->max_lb_gain = 0;
3808         phy->trsw_rx_gain = 0;
3809         phy->txpwr_offset = 0;
3810
3811         /* NRSSI */
3812         phy->nrssislope = 0;
3813         for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3814                 phy->nrssi[i] = -1000;
3815         for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3816                 phy->nrssi_lt[i] = i;
3817
3818         phy->lofcal = 0xFFFF;
3819         phy->initval = 0xFFFF;
3820
3821         phy->interfmode = B43_INTERFMODE_NONE;
3822         phy->channel = 0xFF;
3823
3824         phy->hardware_power_control = !!modparam_hwpctl;
3825
3826         /* PHY TX errors counter. */
3827         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3828
3829         /* OFDM-table address caching. */
3830         phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3831 }
3832
3833 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3834 {
3835         dev->dfq_valid = 0;
3836
3837         /* Assume the radio is enabled. If it's not enabled, the state will
3838          * immediately get fixed on the first periodic work run. */
3839         dev->radio_hw_enable = 1;
3840
3841         /* Stats */
3842         memset(&dev->stats, 0, sizeof(dev->stats));
3843
3844         setup_struct_phy_for_init(dev, &dev->phy);
3845
3846         /* IRQ related flags */
3847         dev->irq_reason = 0;
3848         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3849         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3850
3851         dev->mac_suspended = 1;
3852
3853         /* Noise calculation context */
3854         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3855 }
3856
3857 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3858 {
3859         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3860         u64 hf;
3861
3862         if (!modparam_btcoex)
3863                 return;
3864         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3865                 return;
3866         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3867                 return;
3868
3869         hf = b43_hf_read(dev);
3870         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3871                 hf |= B43_HF_BTCOEXALT;
3872         else
3873                 hf |= B43_HF_BTCOEX;
3874         b43_hf_write(dev, hf);
3875 }
3876
3877 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3878 {
3879         if (!modparam_btcoex)
3880                 return;
3881         //TODO
3882 }
3883
3884 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3885 {
3886 #ifdef CONFIG_SSB_DRIVER_PCICORE
3887         struct ssb_bus *bus = dev->dev->bus;
3888         u32 tmp;
3889
3890         if (bus->pcicore.dev &&
3891             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3892             bus->pcicore.dev->id.revision <= 5) {
3893                 /* IMCFGLO timeouts workaround. */
3894                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3895                 tmp &= ~SSB_IMCFGLO_REQTO;
3896                 tmp &= ~SSB_IMCFGLO_SERTO;
3897                 switch (bus->bustype) {
3898                 case SSB_BUSTYPE_PCI:
3899                 case SSB_BUSTYPE_PCMCIA:
3900                         tmp |= 0x32;
3901                         break;
3902                 case SSB_BUSTYPE_SSB:
3903                         tmp |= 0x53;
3904                         break;
3905                 }
3906                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3907         }
3908 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3909 }
3910
3911 /* Write the short and long frame retry limit values. */
3912 static void b43_set_retry_limits(struct b43_wldev *dev,
3913                                  unsigned int short_retry,
3914                                  unsigned int long_retry)
3915 {
3916         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3917          * the chip-internal counter. */
3918         short_retry = min(short_retry, (unsigned int)0xF);
3919         long_retry = min(long_retry, (unsigned int)0xF);
3920
3921         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3922                         short_retry);
3923         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3924                         long_retry);
3925 }
3926
3927 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3928 {
3929         u16 pu_delay;
3930
3931         /* The time value is in microseconds. */
3932         if (dev->phy.type == B43_PHYTYPE_A)
3933                 pu_delay = 3700;
3934         else
3935                 pu_delay = 1050;
3936         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
3937                 pu_delay = 500;
3938         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3939                 pu_delay = max(pu_delay, (u16)2400);
3940
3941         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3942 }
3943
3944 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3945 static void b43_set_pretbtt(struct b43_wldev *dev)
3946 {
3947         u16 pretbtt;
3948
3949         /* The time value is in microseconds. */
3950         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
3951                 pretbtt = 2;
3952         } else {
3953                 if (dev->phy.type == B43_PHYTYPE_A)
3954                         pretbtt = 120;
3955                 else
3956                         pretbtt = 250;
3957         }
3958         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3959         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3960 }
3961
3962 /* Shutdown a wireless core */
3963 /* Locking: wl->mutex */
3964 static void b43_wireless_core_exit(struct b43_wldev *dev)
3965 {
3966         struct b43_phy *phy = &dev->phy;
3967         u32 macctl;
3968
3969         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3970         if (b43_status(dev) != B43_STAT_INITIALIZED)
3971                 return;
3972         b43_set_status(dev, B43_STAT_UNINIT);
3973
3974         /* Stop the microcode PSM. */
3975         macctl = b43_read32(dev, B43_MMIO_MACCTL);
3976         macctl &= ~B43_MACCTL_PSM_RUN;
3977         macctl |= B43_MACCTL_PSM_JMP0;
3978         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3979
3980         if (!dev->suspend_in_progress) {
3981                 b43_leds_exit(dev);
3982                 b43_rng_exit(dev->wl);
3983         }
3984         b43_dma_free(dev);
3985         b43_pio_free(dev);
3986         b43_chip_exit(dev);
3987         b43_radio_turn_off(dev, 1);
3988         b43_switch_analog(dev, 0);
3989         if (phy->dyn_tssi_tbl)
3990                 kfree(phy->tssi2dbm);
3991         kfree(phy->lo_control);
3992         phy->lo_control = NULL;
3993         if (dev->wl->current_beacon) {
3994                 dev_kfree_skb_any(dev->wl->current_beacon);
3995                 dev->wl->current_beacon = NULL;
3996         }
3997
3998         ssb_device_disable(dev->dev, 0);
3999         ssb_bus_may_powerdown(dev->dev->bus);
4000 }
4001
4002 /* Initialize a wireless core */
4003 static int b43_wireless_core_init(struct b43_wldev *dev)
4004 {
4005         struct b43_wl *wl = dev->wl;
4006         struct ssb_bus *bus = dev->dev->bus;
4007         struct ssb_sprom *sprom = &bus->sprom;
4008         struct b43_phy *phy = &dev->phy;
4009         int err;
4010         u64 hf;
4011         u32 tmp;
4012
4013         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4014
4015         err = ssb_bus_powerup(bus, 0);
4016         if (err)
4017                 goto out;
4018         if (!ssb_device_is_enabled(dev->dev)) {
4019                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4020                 b43_wireless_core_reset(dev, tmp);
4021         }
4022
4023         if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
4024                 phy->lo_control =
4025                     kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
4026                 if (!phy->lo_control) {
4027                         err = -ENOMEM;
4028                         goto err_busdown;
4029                 }
4030         }
4031         setup_struct_wldev_for_init(dev);
4032
4033         err = b43_phy_init_tssi2dbm_table(dev);
4034         if (err)
4035                 goto err_kfree_lo_control;
4036
4037         /* Enable IRQ routing to this device. */
4038         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4039
4040         b43_imcfglo_timeouts_workaround(dev);
4041         b43_bluetooth_coext_disable(dev);
4042         b43_phy_early_init(dev);
4043         err = b43_chip_init(dev);
4044         if (err)
4045                 goto err_kfree_tssitbl;
4046         b43_shm_write16(dev, B43_SHM_SHARED,
4047                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4048         hf = b43_hf_read(dev);
4049         if (phy->type == B43_PHYTYPE_G) {
4050                 hf |= B43_HF_SYMW;
4051                 if (phy->rev == 1)
4052                         hf |= B43_HF_GDCW;
4053                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4054                         hf |= B43_HF_OFDMPABOOST;
4055         } else if (phy->type == B43_PHYTYPE_B) {
4056                 hf |= B43_HF_SYMW;
4057                 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4058                         hf &= ~B43_HF_GDCW;
4059         }
4060         b43_hf_write(dev, hf);
4061
4062         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4063                              B43_DEFAULT_LONG_RETRY_LIMIT);
4064         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4065         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4066
4067         /* Disable sending probe responses from firmware.
4068          * Setting the MaxTime to one usec will always trigger
4069          * a timeout, so we never send any probe resp.
4070          * A timeout of zero is infinite. */
4071         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4072
4073         b43_rate_memory_init(dev);
4074         b43_set_phytxctl_defaults(dev);
4075
4076         /* Minimum Contention Window */
4077         if (phy->type == B43_PHYTYPE_B) {
4078                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4079         } else {
4080                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4081         }
4082         /* Maximum Contention Window */
4083         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4084
4085         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4086                 dev->__using_pio_transfers = 1;
4087                 err = b43_pio_init(dev);
4088         } else {
4089                 dev->__using_pio_transfers = 0;
4090                 err = b43_dma_init(dev);
4091         }
4092         if (err)
4093                 goto err_chip_exit;
4094         b43_qos_init(dev);
4095         b43_set_synth_pu_delay(dev, 1);
4096         b43_bluetooth_coext_enable(dev);
4097
4098         ssb_bus_powerup(bus, 1);        /* Enable dynamic PCTL */
4099         b43_upload_card_macaddress(dev);
4100         b43_security_init(dev);
4101         if (!dev->suspend_in_progress)
4102                 b43_rng_init(wl);
4103
4104         b43_set_status(dev, B43_STAT_INITIALIZED);
4105
4106         if (!dev->suspend_in_progress)
4107                 b43_leds_init(dev);
4108 out:
4109         return err;
4110
4111       err_chip_exit:
4112         b43_chip_exit(dev);
4113       err_kfree_tssitbl:
4114         if (phy->dyn_tssi_tbl)
4115                 kfree(phy->tssi2dbm);
4116       err_kfree_lo_control:
4117         kfree(phy->lo_control);
4118         phy->lo_control = NULL;
4119       err_busdown:
4120         ssb_bus_may_powerdown(bus);
4121         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4122         return err;
4123 }
4124
4125 static int b43_op_add_interface(struct ieee80211_hw *hw,
4126                                 struct ieee80211_if_init_conf *conf)
4127 {
4128         struct b43_wl *wl = hw_to_b43_wl(hw);
4129         struct b43_wldev *dev;
4130         unsigned long flags;
4131         int err = -EOPNOTSUPP;
4132
4133         /* TODO: allow WDS/AP devices to coexist */
4134
4135         if (conf->type != IEEE80211_IF_TYPE_AP &&
4136             conf->type != IEEE80211_IF_TYPE_MESH_POINT &&
4137             conf->type != IEEE80211_IF_TYPE_STA &&
4138             conf->type != IEEE80211_IF_TYPE_WDS &&
4139             conf->type != IEEE80211_IF_TYPE_IBSS)
4140                 return -EOPNOTSUPP;
4141
4142         mutex_lock(&wl->mutex);
4143         if (wl->operating)
4144                 goto out_mutex_unlock;
4145
4146         b43dbg(wl, "Adding Interface type %d\n", conf->type);
4147
4148         dev = wl->current_dev;
4149         wl->operating = 1;
4150         wl->vif = conf->vif;
4151         wl->if_type = conf->type;
4152         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4153
4154         spin_lock_irqsave(&wl->irq_lock, flags);
4155         b43_adjust_opmode(dev);
4156         b43_set_pretbtt(dev);
4157         b43_set_synth_pu_delay(dev, 0);
4158         b43_upload_card_macaddress(dev);
4159         spin_unlock_irqrestore(&wl->irq_lock, flags);
4160
4161         err = 0;
4162  out_mutex_unlock:
4163         mutex_unlock(&wl->mutex);
4164
4165         return err;
4166 }
4167
4168 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4169                                     struct ieee80211_if_init_conf *conf)
4170 {
4171         struct b43_wl *wl = hw_to_b43_wl(hw);
4172         struct b43_wldev *dev = wl->current_dev;
4173         unsigned long flags;
4174
4175         b43dbg(wl, "Removing Interface type %d\n", conf->type);
4176
4177         mutex_lock(&wl->mutex);
4178
4179         B43_WARN_ON(!wl->operating);
4180         B43_WARN_ON(wl->vif != conf->vif);
4181         wl->vif = NULL;
4182
4183         wl->operating = 0;
4184
4185         spin_lock_irqsave(&wl->irq_lock, flags);
4186         b43_adjust_opmode(dev);
4187         memset(wl->mac_addr, 0, ETH_ALEN);
4188         b43_upload_card_macaddress(dev);
4189         spin_unlock_irqrestore(&wl->irq_lock, flags);
4190
4191         mutex_unlock(&wl->mutex);
4192 }
4193
4194 static int b43_op_start(struct ieee80211_hw *hw)
4195 {
4196         struct b43_wl *wl = hw_to_b43_wl(hw);
4197         struct b43_wldev *dev = wl->current_dev;
4198         int did_init = 0;
4199         int err = 0;
4200         bool do_rfkill_exit = 0;
4201
4202         /* Kill all old instance specific information to make sure
4203          * the card won't use it in the short timeframe between start
4204          * and mac80211 reconfiguring it. */
4205         memset(wl->bssid, 0, ETH_ALEN);
4206         memset(wl->mac_addr, 0, ETH_ALEN);
4207         wl->filter_flags = 0;
4208         wl->radiotap_enabled = 0;
4209         b43_qos_clear(wl);
4210         wl->beacon0_uploaded = 0;
4211         wl->beacon1_uploaded = 0;
4212         wl->beacon_templates_virgin = 1;
4213
4214         /* First register RFkill.
4215          * LEDs that are registered later depend on it. */
4216         b43_rfkill_init(dev);
4217
4218         mutex_lock(&wl->mutex);
4219
4220         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4221                 err = b43_wireless_core_init(dev);
4222                 if (err) {
4223                         do_rfkill_exit = 1;
4224                         goto out_mutex_unlock;
4225                 }
4226                 did_init = 1;
4227         }
4228
4229         if (b43_status(dev) < B43_STAT_STARTED) {
4230                 err = b43_wireless_core_start(dev);
4231                 if (err) {
4232                         if (did_init)
4233                                 b43_wireless_core_exit(dev);
4234                         do_rfkill_exit = 1;
4235                         goto out_mutex_unlock;
4236                 }
4237         }
4238
4239  out_mutex_unlock:
4240         mutex_unlock(&wl->mutex);
4241
4242         if (do_rfkill_exit)
4243                 b43_rfkill_exit(dev);
4244
4245         return err;
4246 }
4247
4248 static void b43_op_stop(struct ieee80211_hw *hw)
4249 {
4250         struct b43_wl *wl = hw_to_b43_wl(hw);
4251         struct b43_wldev *dev = wl->current_dev;
4252
4253         b43_rfkill_exit(dev);
4254         cancel_work_sync(&(wl->qos_update_work));
4255         cancel_work_sync(&(wl->beacon_update_trigger));
4256
4257         mutex_lock(&wl->mutex);
4258         if (b43_status(dev) >= B43_STAT_STARTED)
4259                 b43_wireless_core_stop(dev);
4260         b43_wireless_core_exit(dev);
4261         mutex_unlock(&wl->mutex);
4262 }
4263
4264 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4265                                   u32 short_retry_limit, u32 long_retry_limit)
4266 {
4267         struct b43_wl *wl = hw_to_b43_wl(hw);
4268         struct b43_wldev *dev;
4269         int err = 0;
4270
4271         mutex_lock(&wl->mutex);
4272         dev = wl->current_dev;
4273         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4274                 err = -ENODEV;
4275                 goto out_unlock;
4276         }
4277         b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4278 out_unlock:
4279         mutex_unlock(&wl->mutex);
4280
4281         return err;
4282 }
4283
4284 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4285 {
4286         struct b43_wl *wl = hw_to_b43_wl(hw);
4287         struct sk_buff *beacon;
4288         unsigned long flags;
4289
4290         /* We could modify the existing beacon and set the aid bit in
4291          * the TIM field, but that would probably require resizing and
4292          * moving of data within the beacon template.
4293          * Simply request a new beacon and let mac80211 do the hard work. */
4294         beacon = ieee80211_beacon_get(hw, wl->vif);
4295         if (unlikely(!beacon))
4296                 return -ENOMEM;
4297         spin_lock_irqsave(&wl->irq_lock, flags);
4298         b43_update_templates(wl, beacon);
4299         spin_unlock_irqrestore(&wl->irq_lock, flags);
4300
4301         return 0;
4302 }
4303
4304 static int b43_op_ibss_beacon_update(struct ieee80211_hw *hw,
4305                                      struct sk_buff *beacon)
4306 {
4307         struct b43_wl *wl = hw_to_b43_wl(hw);
4308         unsigned long flags;
4309
4310         spin_lock_irqsave(&wl->irq_lock, flags);
4311         b43_update_templates(wl, beacon);
4312         spin_unlock_irqrestore(&wl->irq_lock, flags);
4313
4314         return 0;
4315 }
4316
4317 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4318                               struct ieee80211_vif *vif,
4319                               enum sta_notify_cmd notify_cmd,
4320                               const u8 *addr)
4321 {
4322         struct b43_wl *wl = hw_to_b43_wl(hw);
4323
4324         B43_WARN_ON(!vif || wl->vif != vif);
4325 }
4326
4327 static const struct ieee80211_ops b43_hw_ops = {
4328         .tx                     = b43_op_tx,
4329         .conf_tx                = b43_op_conf_tx,
4330         .add_interface          = b43_op_add_interface,
4331         .remove_interface       = b43_op_remove_interface,
4332         .config                 = b43_op_config,
4333         .config_interface       = b43_op_config_interface,
4334         .configure_filter       = b43_op_configure_filter,
4335         .set_key                = b43_op_set_key,
4336         .get_stats              = b43_op_get_stats,
4337         .get_tx_stats           = b43_op_get_tx_stats,
4338         .start                  = b43_op_start,
4339         .stop                   = b43_op_stop,
4340         .set_retry_limit        = b43_op_set_retry_limit,
4341         .set_tim                = b43_op_beacon_set_tim,
4342         .beacon_update          = b43_op_ibss_beacon_update,
4343         .sta_notify             = b43_op_sta_notify,
4344 };
4345
4346 /* Hard-reset the chip. Do not call this directly.
4347  * Use b43_controller_restart()
4348  */
4349 static void b43_chip_reset(struct work_struct *work)
4350 {
4351         struct b43_wldev *dev =
4352             container_of(work, struct b43_wldev, restart_work);
4353         struct b43_wl *wl = dev->wl;
4354         int err = 0;
4355         int prev_status;
4356
4357         mutex_lock(&wl->mutex);
4358
4359         prev_status = b43_status(dev);
4360         /* Bring the device down... */
4361         if (prev_status >= B43_STAT_STARTED)
4362                 b43_wireless_core_stop(dev);
4363         if (prev_status >= B43_STAT_INITIALIZED)
4364                 b43_wireless_core_exit(dev);
4365
4366         /* ...and up again. */
4367         if (prev_status >= B43_STAT_INITIALIZED) {
4368                 err = b43_wireless_core_init(dev);
4369                 if (err)
4370                         goto out;
4371         }
4372         if (prev_status >= B43_STAT_STARTED) {
4373                 err = b43_wireless_core_start(dev);
4374                 if (err) {
4375                         b43_wireless_core_exit(dev);
4376                         goto out;
4377                 }
4378         }
4379 out:
4380         if (err)
4381                 wl->current_dev = NULL; /* Failed to init the dev. */
4382         mutex_unlock(&wl->mutex);
4383         if (err)
4384                 b43err(wl, "Controller restart FAILED\n");
4385         else
4386                 b43info(wl, "Controller restarted\n");
4387 }
4388
4389 static int b43_setup_bands(struct b43_wldev *dev,
4390                            bool have_2ghz_phy, bool have_5ghz_phy)
4391 {
4392         struct ieee80211_hw *hw = dev->wl->hw;
4393
4394         if (have_2ghz_phy)
4395                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4396         if (dev->phy.type == B43_PHYTYPE_N) {
4397                 if (have_5ghz_phy)
4398                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4399         } else {
4400                 if (have_5ghz_phy)
4401                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4402         }
4403
4404         dev->phy.supports_2ghz = have_2ghz_phy;
4405         dev->phy.supports_5ghz = have_5ghz_phy;
4406
4407         return 0;
4408 }
4409
4410 static void b43_wireless_core_detach(struct b43_wldev *dev)
4411 {
4412         /* We release firmware that late to not be required to re-request
4413          * is all the time when we reinit the core. */
4414         b43_release_firmware(dev);
4415 }
4416
4417 static int b43_wireless_core_attach(struct b43_wldev *dev)
4418 {
4419         struct b43_wl *wl = dev->wl;
4420         struct ssb_bus *bus = dev->dev->bus;
4421         struct pci_dev *pdev = bus->host_pci;
4422         int err;
4423         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4424         u32 tmp;
4425
4426         /* Do NOT do any device initialization here.
4427          * Do it in wireless_core_init() instead.
4428          * This function is for gathering basic information about the HW, only.
4429          * Also some structs may be set up here. But most likely you want to have
4430          * that in core_init(), too.
4431          */
4432
4433         err = ssb_bus_powerup(bus, 0);
4434         if (err) {
4435                 b43err(wl, "Bus powerup failed\n");
4436                 goto out;
4437         }
4438         /* Get the PHY type. */
4439         if (dev->dev->id.revision >= 5) {
4440                 u32 tmshigh;
4441
4442                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4443                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4444                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4445         } else
4446                 B43_WARN_ON(1);
4447
4448         dev->phy.gmode = have_2ghz_phy;
4449         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4450         b43_wireless_core_reset(dev, tmp);
4451
4452         err = b43_phy_versioning(dev);
4453         if (err)
4454                 goto err_powerdown;
4455         /* Check if this device supports multiband. */
4456         if (!pdev ||
4457             (pdev->device != 0x4312 &&
4458              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4459                 /* No multiband support. */
4460                 have_2ghz_phy = 0;
4461                 have_5ghz_phy = 0;
4462                 switch (dev->phy.type) {
4463                 case B43_PHYTYPE_A:
4464                         have_5ghz_phy = 1;
4465                         break;
4466                 case B43_PHYTYPE_G:
4467                 case B43_PHYTYPE_N:
4468                         have_2ghz_phy = 1;
4469                         break;
4470                 default:
4471                         B43_WARN_ON(1);
4472                 }
4473         }
4474         if (dev->phy.type == B43_PHYTYPE_A) {
4475                 /* FIXME */
4476                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4477                 err = -EOPNOTSUPP;
4478                 goto err_powerdown;
4479         }
4480         if (1 /* disable A-PHY */) {
4481                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4482                 if (dev->phy.type != B43_PHYTYPE_N) {
4483                         have_2ghz_phy = 1;
4484                         have_5ghz_phy = 0;
4485                 }
4486         }
4487
4488         dev->phy.gmode = have_2ghz_phy;
4489         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4490         b43_wireless_core_reset(dev, tmp);
4491
4492         err = b43_validate_chipaccess(dev);
4493         if (err)
4494                 goto err_powerdown;
4495         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4496         if (err)
4497                 goto err_powerdown;
4498
4499         /* Now set some default "current_dev" */
4500         if (!wl->current_dev)
4501                 wl->current_dev = dev;
4502         INIT_WORK(&dev->restart_work, b43_chip_reset);
4503
4504         b43_radio_turn_off(dev, 1);
4505         b43_switch_analog(dev, 0);
4506         ssb_device_disable(dev->dev, 0);
4507         ssb_bus_may_powerdown(bus);
4508
4509 out:
4510         return err;
4511
4512 err_powerdown:
4513         ssb_bus_may_powerdown(bus);
4514         return err;
4515 }
4516
4517 static void b43_one_core_detach(struct ssb_device *dev)
4518 {
4519         struct b43_wldev *wldev;
4520         struct b43_wl *wl;
4521
4522         /* Do not cancel ieee80211-workqueue based work here.
4523          * See comment in b43_remove(). */
4524
4525         wldev = ssb_get_drvdata(dev);
4526         wl = wldev->wl;
4527         b43_debugfs_remove_device(wldev);
4528         b43_wireless_core_detach(wldev);
4529         list_del(&wldev->list);
4530         wl->nr_devs--;
4531         ssb_set_drvdata(dev, NULL);
4532         kfree(wldev);
4533 }
4534
4535 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4536 {
4537         struct b43_wldev *wldev;
4538         struct pci_dev *pdev;
4539         int err = -ENOMEM;
4540
4541         if (!list_empty(&wl->devlist)) {
4542                 /* We are not the first core on this chip. */
4543                 pdev = dev->bus->host_pci;
4544                 /* Only special chips support more than one wireless
4545                  * core, although some of the other chips have more than
4546                  * one wireless core as well. Check for this and
4547                  * bail out early.
4548                  */
4549                 if (!pdev ||
4550                     ((pdev->device != 0x4321) &&
4551                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4552                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4553                         return -ENODEV;
4554                 }
4555         }
4556
4557         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4558         if (!wldev)
4559                 goto out;
4560
4561         wldev->dev = dev;
4562         wldev->wl = wl;
4563         b43_set_status(wldev, B43_STAT_UNINIT);
4564         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4565         tasklet_init(&wldev->isr_tasklet,
4566                      (void (*)(unsigned long))b43_interrupt_tasklet,
4567                      (unsigned long)wldev);
4568         INIT_LIST_HEAD(&wldev->list);
4569
4570         err = b43_wireless_core_attach(wldev);
4571         if (err)
4572                 goto err_kfree_wldev;
4573
4574         list_add(&wldev->list, &wl->devlist);
4575         wl->nr_devs++;
4576         ssb_set_drvdata(dev, wldev);
4577         b43_debugfs_add_device(wldev);
4578
4579       out:
4580         return err;
4581
4582       err_kfree_wldev:
4583         kfree(wldev);
4584         return err;
4585 }
4586
4587 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4588         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4589         (pdev->device == _device) &&                                    \
4590         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4591         (pdev->subsystem_device == _subdevice)                          )
4592
4593 static void b43_sprom_fixup(struct ssb_bus *bus)
4594 {
4595         struct pci_dev *pdev;
4596
4597         /* boardflags workarounds */
4598         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4599             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4600                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4601         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4602             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4603                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4604         if (bus->bustype == SSB_BUSTYPE_PCI) {
4605                 pdev = bus->host_pci;
4606                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4607                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4608                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013))
4609                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4610         }
4611 }
4612
4613 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4614 {
4615         struct ieee80211_hw *hw = wl->hw;
4616
4617         ssb_set_devtypedata(dev, NULL);
4618         ieee80211_free_hw(hw);
4619 }
4620
4621 static int b43_wireless_init(struct ssb_device *dev)
4622 {
4623         struct ssb_sprom *sprom = &dev->bus->sprom;
4624         struct ieee80211_hw *hw;
4625         struct b43_wl *wl;
4626         int err = -ENOMEM;
4627
4628         b43_sprom_fixup(dev->bus);
4629
4630         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4631         if (!hw) {
4632                 b43err(NULL, "Could not allocate ieee80211 device\n");
4633                 goto out;
4634         }
4635
4636         /* fill hw info */
4637         hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4638                     IEEE80211_HW_RX_INCLUDES_FCS |
4639                     IEEE80211_HW_SIGNAL_DBM |
4640                     IEEE80211_HW_NOISE_DBM;
4641
4642         hw->queues = b43_modparam_qos ? 4 : 1;
4643         SET_IEEE80211_DEV(hw, dev->dev);
4644         if (is_valid_ether_addr(sprom->et1mac))
4645                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4646         else
4647                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4648
4649         /* Get and initialize struct b43_wl */
4650         wl = hw_to_b43_wl(hw);
4651         memset(wl, 0, sizeof(*wl));
4652         wl->hw = hw;
4653         spin_lock_init(&wl->irq_lock);
4654         rwlock_init(&wl->tx_lock);
4655         spin_lock_init(&wl->leds_lock);
4656         spin_lock_init(&wl->shm_lock);
4657         mutex_init(&wl->mutex);
4658         INIT_LIST_HEAD(&wl->devlist);
4659         INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4660         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4661
4662         ssb_set_devtypedata(dev, wl);
4663         b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4664         err = 0;
4665       out:
4666         return err;
4667 }
4668
4669 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4670 {
4671         struct b43_wl *wl;
4672         int err;
4673         int first = 0;
4674
4675         wl = ssb_get_devtypedata(dev);
4676         if (!wl) {
4677                 /* Probing the first core. Must setup common struct b43_wl */
4678                 first = 1;
4679                 err = b43_wireless_init(dev);
4680                 if (err)
4681                         goto out;
4682                 wl = ssb_get_devtypedata(dev);
4683                 B43_WARN_ON(!wl);
4684         }
4685         err = b43_one_core_attach(dev, wl);
4686         if (err)
4687                 goto err_wireless_exit;
4688
4689         if (first) {
4690                 err = ieee80211_register_hw(wl->hw);
4691                 if (err)
4692                         goto err_one_core_detach;
4693         }
4694
4695       out:
4696         return err;
4697
4698       err_one_core_detach:
4699         b43_one_core_detach(dev);
4700       err_wireless_exit:
4701         if (first)
4702                 b43_wireless_exit(dev, wl);
4703         return err;
4704 }
4705
4706 static void b43_remove(struct ssb_device *dev)
4707 {
4708         struct b43_wl *wl = ssb_get_devtypedata(dev);
4709         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4710
4711         /* We must cancel any work here before unregistering from ieee80211,
4712          * as the ieee80211 unreg will destroy the workqueue. */
4713         cancel_work_sync(&wldev->restart_work);
4714
4715         B43_WARN_ON(!wl);
4716         if (wl->current_dev == wldev)
4717                 ieee80211_unregister_hw(wl->hw);
4718
4719         b43_one_core_detach(dev);
4720
4721         if (list_empty(&wl->devlist)) {
4722                 /* Last core on the chip unregistered.
4723                  * We can destroy common struct b43_wl.
4724                  */
4725                 b43_wireless_exit(dev, wl);
4726         }
4727 }
4728
4729 /* Perform a hardware reset. This can be called from any context. */
4730 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4731 {
4732         /* Must avoid requeueing, if we are in shutdown. */
4733         if (b43_status(dev) < B43_STAT_INITIALIZED)
4734                 return;
4735         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4736         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4737 }
4738
4739 #ifdef CONFIG_PM
4740
4741 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4742 {
4743         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4744         struct b43_wl *wl = wldev->wl;
4745
4746         b43dbg(wl, "Suspending...\n");
4747
4748         mutex_lock(&wl->mutex);
4749         wldev->suspend_in_progress = true;
4750         wldev->suspend_init_status = b43_status(wldev);
4751         if (wldev->suspend_init_status >= B43_STAT_STARTED)
4752                 b43_wireless_core_stop(wldev);
4753         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4754                 b43_wireless_core_exit(wldev);
4755         mutex_unlock(&wl->mutex);
4756
4757         b43dbg(wl, "Device suspended.\n");
4758
4759         return 0;
4760 }
4761
4762 static int b43_resume(struct ssb_device *dev)
4763 {
4764         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4765         struct b43_wl *wl = wldev->wl;
4766         int err = 0;
4767
4768         b43dbg(wl, "Resuming...\n");
4769
4770         mutex_lock(&wl->mutex);
4771         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4772                 err = b43_wireless_core_init(wldev);
4773                 if (err) {
4774                         b43err(wl, "Resume failed at core init\n");
4775                         goto out;
4776                 }
4777         }
4778         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4779                 err = b43_wireless_core_start(wldev);
4780                 if (err) {
4781                         b43_leds_exit(wldev);
4782                         b43_rng_exit(wldev->wl);
4783                         b43_wireless_core_exit(wldev);
4784                         b43err(wl, "Resume failed at core start\n");
4785                         goto out;
4786                 }
4787         }
4788         b43dbg(wl, "Device resumed.\n");
4789  out:
4790         wldev->suspend_in_progress = false;
4791         mutex_unlock(&wl->mutex);
4792         return err;
4793 }
4794
4795 #else /* CONFIG_PM */
4796 # define b43_suspend    NULL
4797 # define b43_resume     NULL
4798 #endif /* CONFIG_PM */
4799
4800 static struct ssb_driver b43_ssb_driver = {
4801         .name           = KBUILD_MODNAME,
4802         .id_table       = b43_ssb_tbl,
4803         .probe          = b43_probe,
4804         .remove         = b43_remove,
4805         .suspend        = b43_suspend,
4806         .resume         = b43_resume,
4807 };
4808
4809 static void b43_print_driverinfo(void)
4810 {
4811         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4812                    *feat_leds = "", *feat_rfkill = "";
4813
4814 #ifdef CONFIG_B43_PCI_AUTOSELECT
4815         feat_pci = "P";
4816 #endif
4817 #ifdef CONFIG_B43_PCMCIA
4818         feat_pcmcia = "M";
4819 #endif
4820 #ifdef CONFIG_B43_NPHY
4821         feat_nphy = "N";
4822 #endif
4823 #ifdef CONFIG_B43_LEDS
4824         feat_leds = "L";
4825 #endif
4826 #ifdef CONFIG_B43_RFKILL
4827         feat_rfkill = "R";
4828 #endif
4829         printk(KERN_INFO "Broadcom 43xx driver loaded "
4830                "[ Features: %s%s%s%s%s, Firmware-ID: "
4831                B43_SUPPORTED_FIRMWARE_ID " ]\n",
4832                feat_pci, feat_pcmcia, feat_nphy,
4833                feat_leds, feat_rfkill);
4834 }
4835
4836 static int __init b43_init(void)
4837 {
4838         int err;
4839
4840         b43_debugfs_init();
4841         err = b43_pcmcia_init();
4842         if (err)
4843                 goto err_dfs_exit;
4844         err = ssb_driver_register(&b43_ssb_driver);
4845         if (err)
4846                 goto err_pcmcia_exit;
4847         b43_print_driverinfo();
4848
4849         return err;
4850
4851 err_pcmcia_exit:
4852         b43_pcmcia_exit();
4853 err_dfs_exit:
4854         b43_debugfs_exit();
4855         return err;
4856 }
4857
4858 static void __exit b43_exit(void)
4859 {
4860         ssb_driver_unregister(&b43_ssb_driver);
4861         b43_pcmcia_exit();
4862         b43_debugfs_exit();
4863 }
4864
4865 module_init(b43_init)
4866 module_exit(b43_exit)
Making Linux better for my computers